diff --git a/.gitignore b/.gitignore
index 99a0d94..b7ef001 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-141c3fd.tar.gz
+SOURCES/selinux-policy-0b21d4c.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 72cb13e..9c4150c 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,2 +1,2 @@
-76b98420bd78a14b2421e1f14680b6bfe60fcfdf SOURCES/container-selinux.tgz
-fc88dd3c49d79e37c37b32014241fa85b457daa4 SOURCES/selinux-policy-141c3fd.tar.gz
+a405401da19909415b7ee69e2b2cdfed0c0fb03d SOURCES/container-selinux.tgz
+b281e81483dc3f6b56caa221d3b42930ee0b7f37 SOURCES/selinux-policy-0b21d4c.tar.gz
diff --git a/SOURCES/booleans-targeted.conf b/SOURCES/booleans-targeted.conf
index 8789a08..274d3cc 100644
--- a/SOURCES/booleans-targeted.conf
+++ b/SOURCES/booleans-targeted.conf
@@ -12,8 +12,6 @@ pppd_can_insmod = false
 privoxy_connect_any = true
 selinuxuser_direct_dri_enabled = true
 selinuxuser_execmem = true
-selinuxuser_execmod = true
-selinuxuser_execstack = true
 selinuxuser_rw_noexattrfile=true
 selinuxuser_ping = true
 squid_connect_any = true
diff --git a/SOURCES/modules-targeted-contrib.conf b/SOURCES/modules-targeted-contrib.conf
index 0e66811..61f027d 100644
--- a/SOURCES/modules-targeted-contrib.conf
+++ b/SOURCES/modules-targeted-contrib.conf
@@ -2663,3 +2663,10 @@ stratisd = module
 # ica
 #
 ica = module
+
+# Layer: contrib
+# Module: insights_client
+#
+# insights_client
+#
+insights_client = module
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 07e9de0..c5f39f4 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 141c3fde08c02097e0b6fa179a33cc17371e9a22
+%global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.1.22
+Version: 34.1.26
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -792,6 +792,94 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.26-1
+- Remove permissive domain for insights_client_t
+Resolves: rhbz#2055823
+- New policy for insight-client
+Resolves: rhbz#2055823
+- Allow confined sysadmin to use tool vipw
+Resolves: rhbz#2053458
+- Allow chage domtrans to sssd
+Resolves: rhbz#2054657
+- Remove label for /usr/sbin/bgpd
+Resolves: rhbz#2055578
+- Dontaudit pkcsslotd sys_admin capability
+Resolves: rhbz#2055639
+- Do not change selinuxuser_execmod and selinuxuser_execstack
+Resolves: rhbz#2055822
+- Allow tuned to read rhsmcertd config files
+Resolves: rhbz#2055823
+
+* Mon Feb 14 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.25-1
+- Allow systemd watch unallocated ttys
+Resolves: rhbz#2054150
+- Allow alsa bind mixer controls to led triggers
+Resolves: rhbz#2049732
+- Allow alsactl set group Process ID of a process
+Resolves: rhbz#2049732
+- Allow unconfined to run virtd bpf
+Resolves: rhbz#2033504
+
+* Fri Feb 04 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.24-1
+- Allow tumblerd write to session_dbusd tmp socket files
+Resolves: rhbz#2000039
+- Allow login_userdomain write to session_dbusd tmp socket files
+Resolves: rhbz#2000039
+- Allow login_userdomain create session_dbusd tmp socket files
+Resolves: rhbz#2000039
+- Allow gkeyringd_domain write to session_dbusd tmp socket files
+Resolves: rhbz#2000039
+- Allow systemd-logind delete session_dbusd tmp socket files
+Resolves: rhbz#2000039
+- Allow gdm-x-session write to session dbus tmp sock files
+Resolves: rhbz#2000039
+- Allow sysadm_t nnp_domtrans to systemd_tmpfiles_t
+Resolves: rhbz#2039453
+- Label exFAT utilities at /usr/sbin
+Resolves: rhbz#1972225
+
+* Wed Feb 02 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.23-1
+- Allow systemd nnp_transition to login_userdomain
+Resolves: rhbz#2039453
+- Label /var/run/user/%{USERID}/dbus with session_dbusd_tmp_t
+Resolves: rhbz#2000039
+- Change /run/user/[0-9]+ to /run/user/%{USERID} for proper labeling
+Resolves: rhbz#2000039
+- Allow scripts to enter LUKS password
+Resolves: rhbz#2048521
+- Allow system_mail_t read inherited apache system content rw files
+Resolves: rhbz#2049372
+- Add apache_read_inherited_sys_content_rw_files() interface
+Related: rhbz#2049372
+- Allow sanlock get attributes of filesystems with extended attributes
+Resolves: rhbz#2047811
+- Associate stratisd_data_t with device filesystem
+Resolves: rhbz#2039974
+- Allow init read stratis data symlinks
+Resolves: rhbz#2039974
+- Label /run/stratisd with stratisd_var_run_t
+Resolves: rhbz#2039974
+- Allow domtrans to sssd_t and role access to sssd
+Resolves: rhbz#2039757
+- Creating interface sssd_run_sssd()
+Resolves: rhbz#2039757
+- Fix badly indented used interfaces
+Resolves: rhbz#2039757
+- Allow domain transition to sssd_t
+Resolves: rhbz#2039757
+- Label /dev/nvme-fabrics with fixed_disk_device_t
+Resolves: rhbz#2039759
+- Allow local_login_t nnp_transition to login_userdomain
+Resolves: rhbz#2039453
+- Allow xdm_t nnp_transition to login_userdomain
+Resolves: rhbz#2039453
+- Make cupsd_lpd_t a daemon
+Resolves: rhbz#2039449
+- Label utilities for exFAT filesystems with fsadm_exec_t
+Resolves: rhbz#1972225
+- Dontaudit sfcbd sys_ptrace cap_userns
+Resolves: rhbz#2040311
+
 * Tue Jan 11 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.22-1
 - Allow sshd read filesystem sysctl files
 Resolves: rhbz#2036585