diff --git a/.gitignore b/.gitignore
index 218fa70..78aef59 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-599ea13.tar.gz
-SOURCES/selinux-policy-contrib-0a6ca75.tar.gz
+SOURCES/selinux-policy-4c3b7d3.tar.gz
+SOURCES/selinux-policy-contrib-88b9517.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 12059ee..ce71b76 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-918fd9344446a8b0ea2852dfc42bd1a8899c5337 SOURCES/container-selinux.tgz
-5a7f2b80030e9cb4419ca0e7ba0022d810cd2228 SOURCES/selinux-policy-599ea13.tar.gz
-3994703112488b7529339a94d902b71980136a37 SOURCES/selinux-policy-contrib-0a6ca75.tar.gz
+b15953440b924d21a81e4df79fdcb10f679c8aa5 SOURCES/container-selinux.tgz
+afa5826493350e51e548487a403baabf15b7e9cf SOURCES/selinux-policy-4c3b7d3.tar.gz
+2ed837b3ac267d90ad8854a8b138b97e5b643793 SOURCES/selinux-policy-contrib-88b9517.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index c83e4af..c81f803 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 599ea1311cbb2e8dea05f89507de009eb370db51
+%global commit0 4c3b7d30413032b45585248983844f2e1a32c6db
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 0a6ca756d70637c08a9205910a2eabe853e31677
+%global commit1 88b951795c1c83534a369b1aec29d35c37049e05
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 62%{?dist}
+Release: 63%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -254,12 +254,12 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \
-%{_sharedstatedir}/selinux/%1/active/commit_num \
-%{_sharedstatedir}/selinux/%1/active/users_extra \
-%{_sharedstatedir}/selinux/%1/active/homedir_template \
-%{_sharedstatedir}/selinux/%1/active/seusers \
-%{_sharedstatedir}/selinux/%1/active/file_contexts \
-%{_sharedstatedir}/selinux/%1/active/policy.kern \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/commit_num \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/users_extra \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/homedir_template \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/seusers \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/policy.kern \
 %ghost %{_sharedstatedir}/selinux/%1/active/policy.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/seusers.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
@@ -715,6 +715,26 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-63
+- Allow rtkit_daemon_t domain set process nice value in user namespaces
+Resolves: rhbz#1910507
+- Allow gpsd read and write ptp4l_t shared memory.
+Resolves: rhbz#1803845
+- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type
+Resolves: rhbz#1804626
+- Allow Certmonger to use opencryptoki services
+Resolves: rhbz#1894132
+- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm
+Resolves: rhbz#1815603
+- Allow rhsmcertd_t read kpatch lib files
+Resolves: rhbz#1895322
+- Allow ipsec_t connectto ipsec_mgmt_t
+Resolves: rhbz#1848355
+- Allow IPsec to use opencryptoki services
+Resolves: rhbz#1894132
+- Allow systemd-importd create /run/systemd/machines.lock file
+Resolves: rhbz#1788055
+
 * Fri Jan 29 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-62
 - Allow rhsmcertd_t domain transition to kpatch_t
 Resolves: rhbz#1895322