diff --git a/.files b/.files
index caaea54..08dc83e 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 654e103..1f1ad5f 100644
--- a/.rev
+++ b/.rev
@@ -2390,4 +2390,12 @@ See bugzilla 1167537 for the gory details.</comment>
     <comment>- Update the macros file to simplify the debuginfo installation</comment>
     <requestid>1012066</requestid>
   </revision>
+  <revision rev="303" vrev="3">
+    <srcmd5>b779a699a093855d01032ff97dbde4b7</srcmd5>
+    <version>4.17.1.1</version>
+    <time>1668271205</time>
+    <user>dimstar_suse</user>
+    <comment></comment>
+    <requestid>1035056</requestid>
+  </revision>
 </revisionlist>
diff --git a/rpm.changes b/rpm.changes
index faecf0d..90bb5ef 100644
--- a/rpm.changes
+++ b/rpm.changes
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Tue Oct 25 12:15:12 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Add selinux_transactional_update.patch to ignore errors when setting
+  file labels during transactional updates. They will be set upon
+  reboot once the new policy is loaded (bsc#1204605)
+
+-------------------------------------------------------------------
 Fri Sep 23 11:06:06 UTC 2022 - Stephan Kulow <coolo@suse.com>
 
 - Update the macros file to simplify the debuginfo installation
diff --git a/rpm.spec b/rpm.spec
index f469f06..aa96eab 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -111,6 +111,7 @@ Patch123:       nextiteratorheaderblob.diff
 Patch131:       posttrans.diff
 Patch133:       zstdpool.diff
 Patch134:       zstdthreaded.diff
+Patch135:       selinux_transactional_update.patch
 # touches a generated file
 Patch180:       whatrequires-doc.diff
 Patch6464:      auto-config-update-aarch64-ppc64le.diff
@@ -222,6 +223,7 @@ rm -rf sqlite
 %patch -P 100        -P 102 -P 103
 %patch                                                  -P 117
 %patch -P 122 -P 123               -P 131        -P 133 -P 134
+%patch -p1 -P 135
 %patch -P 180
 
 %ifarch aarch64 ppc64le riscv64
diff --git a/selinux_transactional_update.patch b/selinux_transactional_update.patch
new file mode 100644
index 0000000..f02d24d
--- /dev/null
+++ b/selinux_transactional_update.patch
@@ -0,0 +1,29 @@
+Index: rpm-4.17.1.1/plugins/selinux.c
+===================================================================
+--- rpm-4.17.1.1.orig/plugins/selinux.c
++++ rpm-4.17.1.1/plugins/selinux.c
+@@ -7,6 +7,7 @@
+ #include <rpm/rpmlog.h>
+ #include <rpm/rpmts.h>
+ #include "lib/rpmplugin.h"
++#include <stdlib.h>
+ 
+ #include "debug.h"
+ 
+@@ -165,9 +166,15 @@ static rpmRC selinux_fsm_file_prepare(rp
+ 	char *scon = NULL;
+ 	if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
+ 	    int conrc = lsetfilecon(path, scon);
+-
+ 	    if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
+ 		rc = RPMRC_OK;
++	    else {
++		char *tup = getenv("TRANSACTIONAL_UPDATE");
++		if ( tup != NULL && ! strncmp( tup, "true", 4 ) ) {
++		    rpmlog(RPMLOG_DEBUG, "lsetfilecon failed, will be healed upon reboot (transactional update): (%s, %s)\n", path, scon);
++		    rc = RPMRC_OK;
++		}
++	    }
+ 
+ 	    rpmlog(loglvl(rc != RPMRC_OK), "lsetfilecon: (%s, %s) %s\n",
+ 		       path, scon, (conrc < 0 ? strerror(errno) : ""));