diff --git a/.gitignore b/.gitignore
index 2064ebb..d08fee4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -464,3 +464,5 @@ serefpolicy*
 /selinux-policy-6d96694.tar.gz
 /selinux-policy-contrib-22a7272.tar.gz
 /selinux-policy-7dd92fd.tar.gz
+/selinux-policy-contrib-2a1096a.tar.gz
+/selinux-policy-427796e.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 568566a..4f280fb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 7dd92fda6b04b5c90feb038aabefb728a8773750
+%global commit0 427796e812ddf1284b6f78f41efd8137fe26f2f0
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 22a72723552b1c4bc6dd42f7f55fd9dd42426c3c
+%global commit1 2a1096a616c714d0bc4eb0d94e42ccab369c0db5
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.6
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -784,6 +784,43 @@ exit 0
 %endif
 
 %changelog
+* Fri Jun 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-17
+- Allow pdns server to read system state
+- Allow irqbalance nnp_transition
+- Fix description tag for the sssd_connect_all_unreserved_ports tunable
+- Allow journalctl process set its resource limits
+- Add sssd_access_kernel_keys tunable to conditionally access kernel keys
+- Make keepalived work with network namespaces
+- Create sssd_connect_all_unreserved_ports boolean
+- Allow hypervkvpd to request kernel to load a module
+- Allow systemd_private_tmp(dirsrv_tmp_t)
+- Allow microcode_ctl get attributes of sysfs directories
+- Remove duplicate files_dontaudit_list_tmp(radiusd_t) line
+- Allow radiusd connect to gssproxy over unix domain stream socket
+- Add fwupd_cache_t file context for '/var/cache/fwupd(/.*)?'
+- Allow qemu read and write /dev/mapper/control
+- Allow tlp_t can_exec() tlp_exec_t
+- Dontaudit vpnc_t setting its process scheduling
+- Remove files_mmap_usr_files() call for particular domains
+- Allow dirsrv_t list cgroup directories
+- Crete the kerberos_write_kadmind_tmp_files() interface
+- Allow realmd_t dbus chat with accountsd_t
+- Label systemd-growfs and systemd-makefs       as fsadm_exec_t
+- Allow staff_u and user_u setattr generic usb devices
+- Allow sysadm_t dbus chat with accountsd
+- Modify kernel_rw_key() not to include append permission
+- Add kernel_rw_key() interface to access to kernel keyrings
+- Modify systemd_delete_private_tmp() to use delete_*_pattern macros
+- Allow systemd-modules to load kernel modules
+- Add cachefiles_dev_t as a typealias to cachefiles_device_t
+- Allow libkrb5 lib read client keytabs
+- Allow domain mmap usr_t files
+- Remove files_mmap_usr_files() call for systemd domains
+- Allow sshd write to kadmind temporary files
+- Do not audit staff_t and user_t attempts to manage boot_t entries
+- Add files_dontaudit_manage_boot_dirs() interface
+- Allow systemd-tty-ask-password-agent read efivarfs files
+
 * Thu Jun 25 2020 Adam Williamson <awilliam@redhat.com> - 3.14.6-16
 - Fix scriptlets when /etc/selinux/config does not exist
 
diff --git a/sources b/sources
index 13a9611..6625e9d 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-22a7272.tar.gz) = c379dbd32627dd0d04a98f95d7291a9e5ab24932ebaaf065f8b5ccc941b23e36235a3e5ae9b78ee96e0fda28f2fc26bdfead6645e0925dd94856b47b6b66e60b
-SHA512 (selinux-policy-7dd92fd.tar.gz) = 4a61d12d6565d1722a04a16878e48b1f8b74dd43e2f52d66495557e4a77eb0a50cd882f619a6f0d8c038ff64d38219fba06bce7f883aca86bf308d8a89340549
+SHA512 (selinux-policy-contrib-2a1096a.tar.gz) = 1cfbde139b1343b64938cdbb047e11c5ce7a76b9476de2ec3f9803dcd9441c108cbada4bc47ba4c44fe78f281997b12cb7db13b1eee75c4bef3e55c2093bb2b2
+SHA512 (selinux-policy-427796e.tar.gz) = 01dd45439da3472f4b41bd6bd4226f70557a3453b7ff296df1af900dad2a1d94c5299f0c192af033e676a3c3fe8c9b11b9a1fca57da3ad5c66185f533bd3e3d6
+SHA512 (container-selinux.tgz) = e65c8e027ea4b07e4f257a8a297629622118155244d4ebe62186b4fb1e00218cbb5a1d5ff67f258f69d36ee45d5889bd73f61b6911defa29e5d5ec0b5c5be9bf
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 521d0028bf2140be7586ab39f4ac99c136cf8559506f9b755beb3ac50bd4de474430848c322d0917c7f9a1230ecc4d93704e12fefb19a64b5089456fc047438c