diff --git a/.gitignore b/.gitignore
index 1a35944..041ee17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-8a7c84e.tar.gz
-SOURCES/selinux-policy-contrib-3fdedc8.tar.gz
+SOURCES/selinux-policy-426c028.tar.gz
+SOURCES/selinux-policy-contrib-c6da44c.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 39ba78e..d110037 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-d0e11bf7b5ed075673adf6b4f0a273c85b1c45a8 SOURCES/container-selinux.tgz
-76b2e33f2f4a051d9b2b4bd4b542146ce867846b SOURCES/selinux-policy-8a7c84e.tar.gz
-e03893817cec19f671f3254f424f313af3e3e3ee SOURCES/selinux-policy-contrib-3fdedc8.tar.gz
+bbb33f1d3ec06ac961c111b66a324496cbe9768f SOURCES/container-selinux.tgz
+8f77181d801751fdd49e7a537b291af8b455ed51 SOURCES/selinux-policy-426c028.tar.gz
+84a66625f87ed784dc752c76eca051d058abfa8d SOURCES/selinux-policy-contrib-c6da44c.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 1d08611..0ee5c6b 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 8a7c84e9d530d1ef4bea7895c18095254ed0cb2b
+%global commit0 426c028e3d055a6ae74f8bf7cc92107f3e43a5ea
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 3fdedc8e457a69925e40d245785d132185c27fb3
+%global commit1 c6da44cc670eb76341a756f7d338e60cfa7cd8ac
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 108%{?dist}.2
+Release: 117%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -717,59 +717,182 @@ exit 0
 %endif
 
 %changelog
-* Tue Feb 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.2
-- Add domain_unix_read_all_semaphores() interface
-Resolves: rhbz#2170510
-- Add interfaces in domain, files, and unconfined modules
-Resolves: rhbz#2170510
+* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
+- Fix opencryptoki file names in /dev/shm
+Resolves: rhbz#2028637
+- Allow system_cronjob_t transition to rpm_script_t
+Resolves: rhbz#2154242
+- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
+Resolves: rhbz#2154242
+- Allow httpd work with tokens in /dev/shm
+Resolves: rhbz#2028637
+- Allow keepalived to set resource limits
+Resolves: rhbz#2168638
+- Allow insights-client manage fsadm pid files
+
+* Thu Feb 09 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-116
+- Allow sysadm_t run initrc_t script and sysadm_r role access
+Resolves: rhbz#2039662
 - Allow insights-client manage fsadm pid files
-Resolves: rhbz#2170510
+Resolves: rhbz#2166802
+- Add journalctl the sys_resource capability
+Resolves: rhbz#2136189
+
+* Thu Jan 26 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-115
+- Fix syntax problem in redis.te
+Resolves: rhbz#2112228
+- Allow unconfined user filetransition for sudo log files
+Resolves: rhbz#2164047
+- Allow winbind-rpcd make a TCP connection to the ldap port
+Resolves: rhbz#2152642
+- Allow winbind-rpcd manage samba_share_t files and dirs
+Resolves: rhbz#2152642
 - Allow insights-client work with su and lpstat
-Resolves: rhbz#2170510
+Resolves: rhbz#2134125
 - Allow insights-client read nvme devices
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
 - Allow insights-client tcp connect to all ports
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
+- Allow redis-sentinel execute a notification script
+Resolves: rhbz#2112228
+
+* Thu Jan 12 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-114
+- Add interfaces in domain, files, and unconfined modules
+Resolves: rhbz#2141311
+- Allow sysadm_t read/write ipmi devices
+Resolves: rhbz#2148561
+- Allow sudodomain use sudo.log as a logfile
+Resolves: rhbz#2143762
 - Add insights additional capabilities
-Resolves: rhbz#2170510
+Resolves: rhbz#2158779
 - Allow insights client work with gluster and pcp
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
+- Allow prosody manage its runtime socket files
+Resolves: rhbz#2157902
+- Allow system mail service read inherited certmonger runtime files
+Resolves: rhbz#2143337
+- Add lpr_roles  to system_r roles
+Resolves: rhbz#2151111
+
+* Thu Dec 15 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-113
+- Allow systemd-socket-proxyd get attributes of cgroup filesystems
+Resolves: rhbz#2088441
+- Allow systemd-socket-proxyd get filesystems attributes
+Resolves: rhbz#2088441
+- Allow sysadm read ipmi devices
+Resolves: rhbz#2148561
+- Allow system mail service read inherited certmonger runtime files
+Resolves: rhbz#2143337
+- Add lpr_roles  to system_r roles
+Resolves: rhbz#2151111
 - Allow insights-client tcp connect to various ports
-Resolves: rhbz#2170510
+Resolves: rhbz#2151111
 - Allow insights-client work with pcp and manage user config files
-Resolves: rhbz#2170510
+Resolves: rhbz#2151111
 - Allow insights-client dbus chat with various services
-Resolves: rhbz#2170510
+Resolves: rhbz#2152867
 - Allow insights-client dbus chat with abrt
-Resolves: rhbz#2170510
+Resolves: rhbz#2152867
+- Allow redis get user names
+Resolves: rhbz#2112228
+- Add winbind-rpcd to samba_enable_home_dirs boolean
+Resolves: rhbz#2143696
+
+* Wed Nov 30 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-112
+- Allow ipsec_t only read tpm devices
+Resolves: rhbz#2147380
+- Allow ipsec_t read/write tpm devices
+Resolves: rhbz#2147380
+- Label udf tools with fsadm_exec_t
+Resolves: rhbz#1972230
+- Allow the spamd_update_t domain get generic filesystem attributes
+Resolves: rhbz#2144501
+- Allow cdcc mmap dcc-client-map files
+Resolves: rhbz#2144505
 - Allow insights client communicate with cupsd, mysqld, openvswitch, redis
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
 - Allow insights client read raw memory devices
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
+- Allow winbind-rpcd get attributes of device and pty filesystems
+Resolves: rhbz#2107106
+- Allow postfix/smtpd read kerberos key table
+Resolves: rhbz#1983308
+
+* Fri Nov 11 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-111
+- Add domain_unix_read_all_semaphores() interface
+Resolves: rhbz#2141311
+- Allow iptables list cgroup directories
+Resolves: rhbz#2134820
+- Allow systemd-hostnamed dbus chat with init scripts
+Resolves: rhbz#2111632
+- Allow systemd to read symlinks in /var/lib
+Resolves: rhbz#2118784
 - Allow insights-client domain transition on semanage execution
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
 - Allow insights-client create gluster log dir with a transition
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
 - Allow insights-client manage generic locks
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
 - Allow insights-client unix_read all domain semaphores
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
+- Allow winbind-rpcd use the terminal multiplexor
+Resolves: rhbz#2107106
+- Allow mrtg send mails
+Resolves: rhbz#2103675
+- Allow sssd dbus chat with system cronjobs
+Resolves: rhbz#2132922
+- Allow postfix/smtp and postfix/virtual read kerberos key table
+Resolves: rhbz#1983308
+
+* Thu Oct 20 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-110
+- Add the systemd_connectto_socket_proxyd_unix_sockets() interface
+Resolves: rhbz#208441
+- Add the dev_map_vhost() interface
+Resolves: rhbz#2122920
+- Allow init remount all file_type filesystems
+Resolves: rhbz#2122239
+- added policy for systemd-socket-proxyd
+Resolves: rhbz#2088441
+- Allow virt_domain map vhost devices
+Resolves: rhbz#2122920
+- Allow virt domains to access xserver devices
+Resolves: rhbz#2122920
+- Allow rotatelogs read httpd_log_t symlinks
+Resolves: rhbz#2030633
+- Allow vlock search the contents of the /dev/pts directory
+Resolves: rhbz#2122838
+- Allow system cronjobs dbus chat with setroubleshoot
+Resolves: rhbz#2125008
+- Allow ptp4l_t name_bind ptp_event_port_t
+Resolves: rhbz#2130168
+- Allow pcp_domain execute its private memfd: objects
+Resolves: rhbz#2090711
+- Allow samba-dcerpcd use NSCD services over a unix stream socket
+Resolves: rhbz#2121709
+- Allow insights-client manage samba var dirs
+Resolves: rhbz#2132230
 
-* Fri Nov 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.1
+* Wed Oct 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-109
 - Add the files_map_read_etc_files() interface
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client manage samba var dirs
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client send null signal to rpm and system cronjob
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Update rhcd policy for executing additional commands 4
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client connect to postgresql with a unix socket
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client domtrans on unix_chkpwd execution
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Add file context entries for insights-client and rhc
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
+- Allow snmpd_t domain to trace processes in user namespace
+Resolves: rhbz#2121084
+- Allow sbd the sys_ptrace capability
+Resolves: rhbz#2124552
+- Allow pulseaudio create gnome content (~/.config)
+Resolves: rhbz#2124387
 
 * Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
 - Allow unconfined_service_t insights client content filetrans