diff --git a/policycoreutils.spec b/policycoreutils.spec
index f7c8d0f..8bf5645 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.8
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
@@ -531,6 +531,11 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 %changelog
+* Tue Oct 2 2018 Petr Lautrbach - 2.8-10
+- semanage: "semanage user" does not use -s, fix documentation
+- semanage: add a missing space in ibendport help
+- sepolicy: Update to work with setools-4.2.0
+
 * Fri Sep 14 2018 Petr Lautrbach - 2.8-9
 - semanage: Stop rejecting aliases in semanage commands
 - sepolicy: Stop rejecting aliases in sepolicy commands
diff --git a/selinux-python-fedora.patch b/selinux-python-fedora.patch
index b246688..8211514 100644
--- a/selinux-python-fedora.patch
+++ b/selinux-python-fedora.patch
@@ -193,7 +193,7 @@ index 0000000..128eb87
 +../sepolicy/sepolicy/interface.py
 +../sepolicy/sepolicy.py
 diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
-index 8d8a086..8fd9395 100644
+index 8d8a086..4ced085 100644
 --- selinux-python-2.8/semanage/semanage
 +++ selinux-python-2.8/semanage/semanage
 @@ -27,7 +27,7 @@ import traceback
@@ -205,6 +205,46 @@ index 8d8a086..8fd9395 100644
  try:
  import gettext
  kwargs = {}
+@@ -53,7 +53,7 @@ usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
+ usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
+
+ usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
+-usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name'')'), ' --delete': ('selinux_name',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
++usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', 'SEUSER', ')'), ' --delete': ('SEUSER',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'SEUSER', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+
+ usage_port = "semanage port [-h] [-n] [-N] [-S STORE] ["
+ usage_port_dict = {' --add': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --modify': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --delete': ('-p PROTOCOL', '(', 'port_name', '|', 'port_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+@@ -62,7 +62,7 @@ usage_ibpkey = "semanage ibpkey [-h] [-n] [-N] [-s STORE] ["
+ usage_ibpkey_dict = {' --add': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --modify': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --delete': ('-x SUBNET_PREFIX', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+
+ usage_ibendport = "semanage ibendport [-h] [-n] [-N] [-s STORE] ["
+-usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE''(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
++usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+
+ usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
+ usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+@@ -421,7 +421,7 @@ def setupUserParser(subparsers):
+ userParser.add_argument('-R', '--roles', default=[],
+ action=CheckRole,
+ help=_('''
+-SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
++SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
+ '''))
+ userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
+ userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
+diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8
+index 30bc670..23fec69 100644
+--- selinux-python-2.8/semanage/semanage-user.8
++++ selinux-python-2.8/semanage/semanage-user.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage\-user \- SELinux Policy Management SELinux User mapping tool
+ .SH "SYNOPSIS"
+-.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
++.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE SEUSER) | \-\-delete SEUSER | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE SEUSER ) ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
 diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8
 index 0bdb90f..0cdcfcc 100644
 --- selinux-python-2.8/semanage/semanage.8
@@ -1500,7 +1540,7 @@ index 141f64e..6287502 100755
  newval.append(v)
  setattr(namespace, self.dest, values)
 diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
-index 89346ab..2e77286 100644
+index 89346ab..e338af1 100644
 --- selinux-python-2.8/sepolicy/sepolicy/__init__.py
 +++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
 @@ -15,7 +15,7 @@ import os
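Review bot: The new `usage_user_dict` still lists `'-s SEUSER'` in its `' --modify'` tuple, although the same change removes it from `' --add'` and from both the add and modify forms in the semanage-user.8 synopsis. If `semanage user` takes no -s option, the entry should read `' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', 'SEUSER', ')')` so the built-in usage text and the man page agree. The positional is still registered as `selinux_name` in the `setupUserParser` context lines, so any help text argparse derives from that name may keep showing the old spelling; that call is outside what this hunk changes.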
@@ -1537,7 +1577,55 @@ index 89346ab..2e77286 100644
  elif setype == ROLE:
  q = setools.RoleQuery(_pol)
-@@ -437,6 +443,15 @@ def get_file_types(setype):
+@@ -272,34 +278,38 @@ def _setools_rule_to_dict(rule):
+ 'class': str(rule.tclass),
+ }
+
++ # Evaluate boolean expression associated with given rule (if there is any)
+ try:
+- enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
++ # Get state of all booleans in the conditional expression
++ boolstate = {}
++ for boolean in rule.conditional.booleans:
++ boolstate[str(boolean)] = boolean.state
++ # evaluate if the rule is enabled
++ enabled = rule.conditional.evaluate(**boolstate) == rule.conditional_block
+ except AttributeError:
++ # non-conditional rules are always enabled
+ enabled = True
+
+- if isinstance(rule, setools.policyrep.terule.AVRule):
+- d['enabled'] = enabled
++ d['enabled'] = enabled
+
+ try:
+ d['permlist'] = list(map(str, rule.perms))
+- except setools.policyrep.exception.RuleUseError:
++ except AttributeError:
+ pass
+
+ try:
+ d['transtype'] = str(rule.default)
+- except setools.policyrep.exception.RuleUseError:
++ except AttributeError:
+ pass
+
+ try:
+ d['boolean'] = [(str(rule.conditional), enabled)]
+- except (AttributeError, setools.policyrep.exception.RuleNotConditional):
++ except AttributeError:
+ pass
+
+ try:
+ d['filename'] = rule.filename
+- except (AttributeError,
+- setools.policyrep.exception.RuleNotConditional,
+- setools.policyrep.exception.TERuleNoFilename):
++ except AttributeError:
+ pass
+
+ return d
+@@ -437,6 +447,15 @@ def get_file_types(setype):
  return mpaths
@@ -1553,7 +1641,7 @@ index 89346ab..2e77286 100644
  def get_writable_files(setype):
  file_types = get_all_file_types()
  all_writes = []
-@@ -1051,7 +1066,7 @@ def gen_short_name(setype):
+@@ -1051,7 +1070,7 @@ def gen_short_name(setype):
  domainname = setype[:-2]
  else:
  domainname = setype
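Review bot: In `_setools_rule_to_dict` the new `try` encloses the boolean-state loop and the `evaluate()` call, so an AttributeError raised anywhere inside them is handled exactly like "this rule is not conditional" and the rule is reported with `enabled = True`. For a tool that reports effective policy this fails open: a conditional rule whose evaluation breaks, for instance after a further setools API change, would be listed as active instead of producing an error. Assuming the lookup of `rule.conditional` is what raises for unconditional rules, keep only that lookup inside the `try` and do the evaluation in an `else` branch so other failures surface. The function begins above this hunk, so the construction of `d` is not visible here.

```python
    # Evaluate boolean expression associated with given rule (if there is any)
    try:
        cond = rule.conditional
    except AttributeError:
        # non-conditional rules are always enabled
        enabled = True
    else:
        # state of every boolean named in the conditional expression
        boolstate = {str(b): b.state for b in cond.booleans}
        enabled = cond.evaluate(**boolstate) == rule.conditional_block

    d['enabled'] = enabled
    # … unchanged: permlist / transtype / boolean / filename lookups …
```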
@@ -1562,7 +1650,7 @@ index 89346ab..2e77286 100644 raise ValueError("domain %s_t does not exist" % domainname) if domainname[-1] == 'd': short_name = domainname[:-1] + "_" -@@ -1160,27 +1175,14 @@ def boolean_desc(boolean): +@@ -1160,27 +1179,14 @@ def boolean_desc(boolean): def get_os_version():