diff --git a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/mcs_create.diff b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/mcs_create.diff
new file mode 100644
index 0000000000..b8ae12ae00
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/mcs_create.diff
@@ -0,0 +1,20 @@
+diff -ur refpolicy.orig/policy/mcs refpolicy/policy/mcs
+--- refpolicy.orig/policy/mcs	2014-06-16 10:44:12.000000000 -0700
++++ refpolicy/policy/mcs	2015-09-09 16:40:55.212940234 -0700
+@@ -99,14 +99,14 @@
+ # New filesystem object labels must be dominated by the relabeling subject
+ # clearance, also the objects are single-level.
+ mlsconstrain file { create relabelto }
+-	(( h1 dom h2 ) and ( l2 eq h2 ));
++	((( h1 dom h2 ) and ( l2 eq h2 )) or (t1 == mcswriteall));
+ 
+ # new file labels must be dominated by the relabeling subject clearance
+ mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
+ 	( h1 dom h2 );
+ 
+ mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
+-	(( h1 dom h2 ) and ( l2 eq h2 ));
++	((( h1 dom h2 ) and ( l2 eq h2 )) or (t1 == mcswriteall));
+ 
+ mlsconstrain process { transition dyntransition }
+ 	(( h1 dom h2 ) or ( t1 == mcssetcats ));
diff --git a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/mcs_range_target.diff b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/mcs_range_target.diff
new file mode 100644
index 0000000000..1c16ab7fdb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/mcs_range_target.diff
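Review bot: The two new `or (t1 == mcswriteall)` alternatives bypass not only the `h1 dom h2` clearance check but also the `l2 eq h2` single-level requirement, so any domain carrying that attribute can now create or relabelto a ranged object at any level, while the unchanged context comment directly above (`# New filesystem object labels must be dominated by the relabeling subject clearance, also the objects are single-level.`) still describes the unconditional rule. The comment should record the exemption, e.g. `# ... also the objects are single-level, unless the subject has the mcswriteall attribute.` — and state why, since it widens what every mcswriteall domain may do. The `relabelfrom` constraint between the two edited rules keeps the plain `( h1 dom h2 )`, so an mcswriteall domain may place a file above its own clearance but cannot relabel it back; if that one-way asymmetry is intended it deserves a comment, otherwise the same alternative belongs on that rule too. `mcswriteall` is not defined in this hunk; it is presumably the existing attribute from the same policy/mcs file (mirroring `mcssetcats` in the process rule below), which the policy build would confirm.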
@@ -0,0 +1,9 @@
+diff -ur mcs.orig/policy/mcs mcs/policy/mcs
+--- refpolicy.orig/policy/mcs	2015-09-14 11:32:38.155721902 -0700
++++ refpolicy/policy/mcs	2015-09-14 11:36:08.055490569 -0700
+@@ -1,4 +1,5 @@
+ ifdef(`enable_mcs',`
++default_range dir_file_class_set target low-high;
+ #
+ # Define sensitivities
+ #
diff --git a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r7.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r6.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r7.ebuild
index 75c098feda..b35bd79520 100644
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r6.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r7.ebuild
@@ -52,6 +52,8 @@ src_prepare() {
 	fi
 	epatch "${FILESDIR}/kernel_mcs.diff"
+	epatch "${FILESDIR}/mcs_create.diff"
+	epatch "${FILESDIR}/mcs_range_target.diff"
 	cd "${S}/refpolicy"
 	make bare
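Review bot: The added `default_range dir_file_class_set target low-high;` makes every new directory-resident object take the full MCS range of its parent directory rather than the creating process's level, which moves control over a new file's categories from the subject to the directory it chooses to create in, and the line carries no comment explaining that or its coupling with the relaxed create/relabelto constraints later in this file. Add a comment above it, e.g. `# New filesystem objects inherit the parent directory's full range (not the creator's level); the create/relabelto mlsconstrains below must admit ranged labels.` `default_range` statements are understood to need policy version 27 or newer in both checkpolicy and the kernel, which this hunk cannot show the build enforces, so the toolchain floor is worth confirming before the patch is relied on. The inner header `+diff -ur mcs.orig/policy/mcs mcs/policy/mcs` names different paths than the `---`/`+++` lines below it; patch(1) only reads the latter, but making it match the first patch file avoids confusion when the file is regenerated.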