diff --git a/.gitignore b/.gitignore
index 08d9773..19e606e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -287,3 +287,5 @@ serefpolicy*
 /selinux-policy-contrib-12d91da.tar.gz
 /selinux-policy-contrib-6cf567f.tar.gz
 /selinux-policy-a1ec13e.tar.gz
+/selinux-policy-contrib-93edf9a.tar.gz
+/selinux-policy-d06c960.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0fcf1ce..671d5ff 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 a1ec13e6114be5f88449a3f7e87468ca5f36ead5
+%global commit0 d06c960c55dcf093800123327a58c4adf3ffe3dd
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 6cf567fea24b91d5a6a82e37e66a0c01548846b2
+%global commit1 93edf9a38fec7dac9845cb7d5630b4ae931e36f7
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -718,6 +718,46 @@ exit 0
 %endif
 
 %changelog
+* Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-22
+- Fix typo in authconfig policy
+- Update ctdb domain to support gNFS setup
+- Allow authconfig_t dbus chat with policykit
+- Allow lircd_t domain to read system state
+- Revert "Allow fsdaemon_t do send emails BZ(1582701)"
+- Typo in uuidd policy
+- Allow tangd_t domain read certs
+- Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107)
+- Allow vpnc_t domain to read generic certs BZ(1583100)
+- Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811)
+- Allow NetworkManager_ssh_t domain to be system dbud client
+- Allow virt_qemu_ga_t read utmp
+- Add capability dac_override to system_mail_t domain
+- Update uuidd policy to reflect last changes from base branch
+- Add cap dac_override to procmail_t domain
+- Allow sendmail to mmap etc_aliases_t files BZ(1578569)
+- Add new interface dbus_read_pid_sock_files()
+- Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled
+- Allow fsdaemon_t do send emails BZ(1582701)
+- Allow firewalld_t domain to request kernel module BZ(1573501)
+- Allow chronyd_t domain to send send msg via dgram socket BZ(1584757)
+- Add sys_admin capability to fprint_t SELinux domain
+- Allow cyrus_t domain to create own files under /var/run BZ(1582885)
+- Allow cachefiles_kernel_t domain to have capability dac_override
+- Update policy for ypserv_t domain
+- Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t
+- Allow cyrus to have dac_override capability
+- Dontaudit action when abrt-hook-ccpp is writing to nscd sockets
+- Fix homedir polyinstantion under mls
+- Fixed typo in init.if file
+- Allow systemd to remove generic tmpt files BZ(1583144)
+- Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation
+- Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075)
+- Fix typo in authlogin SELinux security module
+- Allod nsswitch_domain attribute to be system dbusd client BZ(1584632)
+- Allow audisp_t domain to mmap audisp_exec_t binary
+- Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file
+- Label tcp/udp ports 2612 as qpasa_agetn_port_t
+
 * Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21
 - Add dac_override to exim policy BZ(1574303)
 - Fix typo in conntrackd.fc file
diff --git a/sources b/sources
index 027f9e2..db51a23 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-6cf567f.tar.gz) = 46f21dd2d17f314e6beb2197ba80139c4fa2d468e9f60caeb99200a943e62435b8567f4134fcf15674d9544382cd48c7befc82a91360f5123533bab22dd14d26
-SHA512 (selinux-policy-a1ec13e.tar.gz) = 1dfc5fa9345f39d0815f6450951fd6925b2f1a3df091193c259545218197b3f31cdff033d0e2c9a2f61de387c1deb3cac1573b17ec43c313ba4520c3ed5f71af
-SHA512 (container-selinux.tgz) = 25c6d9a075212c43a7895e858d6466e5b3a9658753efd06096442481d285ef7ed7e4cd1bad39d9fb9f0c4e44253c10c513880e6f75a717c335d1fdfbbb3f91b3
+SHA512 (selinux-policy-contrib-93edf9a.tar.gz) = dcbcbe679f779d594625ba1e25ae346e6854274ee4ca297f2e94b216352b054bcd98364792f048f638f38abc4e436bf400e38d634a43dc322f5c65129e18a782
+SHA512 (selinux-policy-d06c960.tar.gz) = 80671384c85c91b920ad792b290843986b5ba495416de49cf94535bdba28b3dfe237a925116767dd7e781f76df44168788217169f03648ea82f37aa586395a38
+SHA512 (container-selinux.tgz) = f841e4e02294f0c12bbb81bc463ba8129154f5fdb18b9ad7fe254e86b6668dca069991dd3c3b3b8a20ef072fcd018750fbf8f5399a1a221b427bd92268d0b243