diff --git a/.gitignore b/.gitignore
index 9bd8c34..1a35944 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-c035fdc.tar.gz
-SOURCES/selinux-policy-contrib-2162279.tar.gz
+SOURCES/selinux-policy-8a7c84e.tar.gz
+SOURCES/selinux-policy-contrib-3fdedc8.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 69b56a5..39ba78e 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-fb3216c990633292e6ca44e69fd50c7c13394c62 SOURCES/container-selinux.tgz
-6fcb48d34c6476b3bd7215aae393f5e5c7a8c25e SOURCES/selinux-policy-c035fdc.tar.gz
-fcfb2c75a40c09732acab1d82f1e4a830bfcc742 SOURCES/selinux-policy-contrib-2162279.tar.gz
+d0e11bf7b5ed075673adf6b4f0a273c85b1c45a8 SOURCES/container-selinux.tgz
+76b2e33f2f4a051d9b2b4bd4b542146ce867846b SOURCES/selinux-policy-8a7c84e.tar.gz
+e03893817cec19f671f3254f424f313af3e3e3ee SOURCES/selinux-policy-contrib-3fdedc8.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index fd85cbe..1d08611 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 c035fdc00b589155e4b2f4ed3267feddf62b2de3
+%global commit0 8a7c84e9d530d1ef4bea7895c18095254ed0cb2b
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 2162279536c98961aa64913eb5159f1b090ebab4
+%global commit1 3fdedc8e457a69925e40d245785d132185c27fb3
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 108%{?dist}.1
+Release: 108%{?dist}.2
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -717,6 +717,44 @@ exit 0
 %endif
 
 %changelog
+* Tue Feb 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.2
+- Add domain_unix_read_all_semaphores() interface
+Resolves: rhbz#2170510
+- Add interfaces in domain, files, and unconfined modules
+Resolves: rhbz#2170510
+- Allow insights-client manage fsadm pid files
+Resolves: rhbz#2170510
+- Allow insights-client work with su and lpstat
+Resolves: rhbz#2170510
+- Allow insights-client read nvme devices
+Resolves: rhbz#2170510
+- Allow insights-client tcp connect to all ports
+Resolves: rhbz#2170510
+- Add insights additional capabilities
+Resolves: rhbz#2170510
+- Allow insights client work with gluster and pcp
+Resolves: rhbz#2170510
+- Allow insights-client tcp connect to various ports
+Resolves: rhbz#2170510
+- Allow insights-client work with pcp and manage user config files
+Resolves: rhbz#2170510
+- Allow insights-client dbus chat with various services
+Resolves: rhbz#2170510
+- Allow insights-client dbus chat with abrt
+Resolves: rhbz#2170510
+- Allow insights client communicate with cupsd, mysqld, openvswitch, redis
+Resolves: rhbz#2170510
+- Allow insights client read raw memory devices
+Resolves: rhbz#2170510
+- Allow insights-client domain transition on semanage execution
+Resolves: rhbz#2170510
+- Allow insights-client create gluster log dir with a transition
+Resolves: rhbz#2170510
+- Allow insights-client manage generic locks
+Resolves: rhbz#2170510
+- Allow insights-client unix_read all domain semaphores
+Resolves: rhbz#2170510
+
 * Fri Nov 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.1
 - Add the files_map_read_etc_files() interface
 Resolves: rhbz#2136762