diff --git a/.gitignore b/.gitignore
index 1ec9e6a..cb4bd4f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-31a9744.tar.gz
-SOURCES/selinux-policy-contrib-f659db9.tar.gz
+SOURCES/selinux-policy-76d3f46.tar.gz
+SOURCES/selinux-policy-contrib-f71a764.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 6cbe2d1..8b25f61 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-7e8924346f497afc19e9e727b431673b7a9d68a9 SOURCES/container-selinux.tgz
-029927e86dab9c8acfb0f9ee90b7727537c7657b SOURCES/selinux-policy-31a9744.tar.gz
-138acf482a7c4c350809c7b31c79294281be49db SOURCES/selinux-policy-contrib-f659db9.tar.gz
+630fb93dc3f0c54c9bac3e9e29742b235e3d3226 SOURCES/container-selinux.tgz
+868d9fd6e2fed0794a9a7b698586a5419d97cb7e SOURCES/selinux-policy-76d3f46.tar.gz
+fe5e8136583726cb626ba6eacc7c148df57926a7 SOURCES/selinux-policy-contrib-f71a764.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 9e69a17..8f5bb4e 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 31a9744d4abf9817c82d29dd791b0439bd632852
+%global commit0 76d3f46c6576aa301aef3702c1c30739f506691f
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 f659db9cce300873aabec1a11fcc39d69e043267
+%global commit1 f71a76424ebaf8e8af3896bc758cfe10b9102892
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 95%{?dist}.4
+Release: 108%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -148,7 +148,7 @@ SELinux policy development and man page package
 %{_usr}/share/selinux/devel/Makefile
 %{_usr}/share/selinux/devel/example.*
 %{_usr}/share/selinux/devel/policy.*
-%ghost %{_sharedstatedir}/sepolgen/interface_info
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/sepolgen/interface_info
 
 %post devel
 selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null 
@@ -717,92 +717,251 @@ exit 0
 %endif
 
 %changelog
-* Mon Aug 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.4
-- rebuild
-Resolves: rhbz#2103606
-
-* Thu Aug 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.3
+* Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
+- Allow unconfined_service_t insights client content filetrans
+Resolves: rhbz#2119507
+- Allow nsswitch_domain to connect to systemd-machined using a unix socket
+Resolves: rhbz#2119507
+- Add init_status_all_script_files() interface
+Resolves: rhbz#2119507
+- Add dev_dontaudit_write_raw_memory() and dev_read_vsock() interfaces
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 5
+Resolves: rhbz#2119507
+- Confine insights-client systemd unit
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 4
+Resolves: rhbz#2119507
+- Change rhsmcertd_t to insights_client_t in insights-client policy
+Resolves: rhbz#2119507
+- Allow insights-client send signull to unconfined_service_t
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 3
+Resolves: rhbz#2119507
+- Allow journalctl read init state
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 2
+Resolves: rhbz#2119507
+
+* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
+- Label 319/udp port with ptp_event_port_t
+Resolves: rhbz#2118628
+- Allow unconfined and sysadm users transition for /root/.gnupg
+Resolves: rhbz#2119507
+- Add the kernel_read_proc_files() interface
+Resolves: rhbz#2119507
+- Add userdom_view_all_users_keys() interface
+Resolves: rhbz#2119507
+- Allow system_cronjob_t domtrans to rpm_script_t
+Resolves: rhbz#2118362
+- Allow smbd_t process noatsecure permission for winbind_rpcd_t
+Resolves: rhbz#2117199
+- Allow chronyd bind UDP sockets to ptp_event ports
+Resolves: rhbz#2118628
+- Allow samba-bgqd to read a printer list
+Resolves: rhbz#2118958
+- Add gpg_filetrans_admin_home_content() interface
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution
+Resolves: rhbz#2119507
+- Allow gpg read and write generic pty type
+Resolves: rhbz#2119507
+- Allow chronyc read and write generic pty type
+Resolves: rhbz#2119507
+- Disable rpm verification on interface_info
+Resolves: rhbz#2119472
+
+* Wed Aug 10 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-106
+- Allow networkmanager to signal unconfined process
+Resolves: rhbz#1918148
+- Allow sa-update to get init status and start systemd files
+Resolves: rhbz#2011239
+- Allow samba-bgqd get a printer list
+Resolves: rhbz#2114737
 - Allow insights-client rpm named file transitions
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Add /var/tmp/insights-archive to insights_client_filetrans_named_content
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Use insights_client_filetrans_named_content
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Make default file context match with named transitions
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Allow rhsmcertd to read insights config files
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Label /etc/insights-client/machine-id
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
+
+* Fri Jul 29 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-105
+- Do not call systemd_userdbd_stream_connect() for winbind-rpcd
+Resolves: rhbz#2108383
+- Update winbind_rpcd_t
+Resolves: rhbz#2108383
+- Allow irqbalance file transition for pid sock_files and directories
+Resolves: rhbz#2111916
+- Update irqbalance runtime directory file context
+Resolves: rhbz#2111916
+
+* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-104
+- Update samba-dcerpcd policy for kerberos usage 2
+Resolves: rhbz#2096825
+
+* Mon Jun 27 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-103
+- Allow domain read usermodehelper state information
+Resolves: rhbz#2083504
+- Remove all kernel_read_usermodehelper_state() interface calls
+Resolves: rhbz#2083504
+- Allow samba-dcerpcd work with sssd
+Resolves: rhbz#2096825
+- Allow winbind_rpcd_t connect to self over a unix_stream_socket
+Resolves: rhbz#2096825
+- Update samba-dcerpcd policy for kerberos usage
+Resolves: rhbz#2096825
+- Allow keepalived read the contents of the sysfs filesystem
+Resolves: rhbz#2098189
+- Update policy for samba-dcerpcd
+Resolves: rhbz#2083504
+- Remove all kernel_read_usermodehelper_state() interface calls 2/2
+Resolves: rhbz#2083504
+- Update insights_client_filetrans_named_content()
+Resolves: rhbz#2091117
 
-* Tue Jul 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.2
-- Add the init_status_config_transient_files() interface
-Resolves: rhbz#2103606
+* Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-102
 - Allow transition to insights_client named content
-Resolves: rhbz#2103606
-- Allow init_t to rw insights_client unnamed pipe
-Resolves: rhbz#2103606
-- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
-Resolves: rhbz#2103606
-- Add the gpg_manage_admin_home_content() interface
-Resolves: rhbz#2103606
-- Update insights_client_filetrans_named_content()
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Add the insights_client_filetrans_named_content() interface
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Update policy for insights-client to run additional commands 3
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
+
+* Fri Jun 17 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-101
+- Add the init_status_config_transient_files() interface
+Resolves: rhbz#2091117
+- Allow init_t to rw insights_client unnamed pipe
+Resolves: rhbz#2091117
+- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
+Resolves: rhbz#2091117
 - Allow insights-client get status of the systemd transient scripts
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Allow insights-client execute its private memfd: objects
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Update policy for insights-client to run additional commands 2
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Do not call systemd_userdbd_stream_connect() for insights-client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Use insights_client_tmp_t instead of insights_client_var_tmp_t
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Change space indentation to tab in insights-client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Use socket permissions sets in insights-client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Update policy for insights-client to run additional commands
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Change rpm_setattr_db_files() to use a pattern
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Add rpm setattr db files macro
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Fix insights client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
+
+* Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-100
+- Update logging_create_generic_logs() to use create_files_pattern()
+Resolves: rhbz#2081907
+- Add the auth_read_passwd_file() interface
+Resolves: rhbz#2083504
+- Allow auditd_t noatsecure for a transition to audisp_remote_t
+Resolves: rhbz#2081907
+- Add support for samba-dcerpcd
+Resolves: rhbz#2083504
+- Allow rhsmcertd create generic log files
+Resolves: rhbz#1852086
+- Allow ctdbd nlmsg_read on netlink_tcpdiag_socket
+Resolves: rhbz#2090800
+
+* Mon May 23 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-99
+- Allow ifconfig_t domain to manage vmware logs
+Resolves: rhbz#1721943
 - Allow insights-client manage gpg admin home content
-Resolves: rhbz#2103606
+Resolves: rhbz#2060834
+- Add the gpg_manage_admin_home_content() interface
+Resolves: rhbz#2060834
 - Label /var/cache/insights with insights_client_cache_t
-Resolves: rhbz#2103606
+Resolves: rhbz#2063195
 - Allow insights-client search gconf homedir
-Resolves: rhbz#2103606
+Resolves: rhbz#2087069
 - Allow insights-client create and use unix_dgram_socket
-Resolves: rhbz#2103606
+Resolves: rhbz#2087069
+- Label more vdsm utils with virtd_exec_t
+Resolves: rhbz#2063871
+- Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t
+Resolves: rhbz#2063871
+- Allow sblim-gatherd the kill capability
+Resolves: rhbz#2082677
+- Allow privoxy execmem
+Resolves: rhbz#2083940
+
+* Wed May 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-98
+- Allow sysadm user execute init scripts with a transition
+Resolves: rhbz#2039662
+- Change invalid type redisd_t to redis_t in redis_stream_connect()
+Resolves: rhbz#1897517
+- Allow php-fpm write access to /var/run/redis/redis.sock
+Resolves: rhbz#1897517
+- Allow sssd read systemd-resolved runtime directory
+Resolves: rhbz#2060721
+- Allow postfix stream connect to cyrus through runtime socket
+Resolves: rhbz#2066005
 - Allow insights-client create_socket_perms for tcp/udp sockets
-Resolves: rhbz#2103606
+Resolves: rhbz#2073395
 - Allow insights-client read rhnsd config files
-Resolves: rhbz#2103606
+Resolves: rhbz#2073395
+- Allow sblim-sfcbd connect to sblim-reposd stream
+Resolves: rhbz#2075810
+- Allow rngd drop privileges via setuid/setgid/setcap
+Resolves: rhbz#2076641
+- Allow rngd_t domain to use nsswitch
+Resolves: rhbz#2076641
+
+* Fri Apr 22 2022 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-97
+- Create macro corenet_icmp_bind_generic_node()
+Resolves: rhbz#2070870
+- Allow traceroute_t and ping_t to bind generic nodes.
+Resolves: rhbz#2070870
+- Allow administrative users the bpf capability
+Resolves: rhbz#2070983
 - Allow insights-client search rhnsd configuration directory
-Resolves: rhbz#2103606
-
-* Thu Jun 09 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.1
-- Label more vdsm utils with virtd_exec_t
-Resolves: rhbz#2095184
+Resolves: rhbz#2073395
+- Allow ntlm_auth read the network state information
+Resolves: rhbz#2073349
+- Allow keepalived setsched and sys_nice
+Resolves: rhbz#2008033
+- Revert "Allow administrative users the bpf capability"
+Resolves: rhbz#2070983
+
+
+* Thu Apr 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-96
+- Add interface rpc_manage_exports
+Resolves: rhbz#2062183
+- Allow sshd read filesystem sysctl files
+Resolves: rhbz#2061403
+- Update targetd nfs & lvm
+Resolves: rhbz#2062183
+- Allow dhcpd_t domain to read network sysctls.
+Resolves: rhbz#2059509
+- Allow chronyd talk with unconfined user over unix domain dgram socket
+Resolves: rhbz#2065313
+- Allow fenced read kerberos key tables
+Resolves: rhbz#1964839
 
 * Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95
 - Allow hostapd talk with unconfined user over unix domain dgram socket
-Resolves: rhbz#2064284
+Resolves: rhbz#2068007
 
 * Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94
 - Allow chronyd send a message to sosreport over datagram socket
 - Allow systemd-logind dbus chat with sosreport
-Resolves: rhbz#1949493
+Resolves: rhbz#2062607
 
 * Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
 - Allow systemd-networkd dbus chat with sosreport