diff --git a/.gitignore b/.gitignore
index d54b4bd..1910ae7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-5d6f18f.tar.gz
-SOURCES/selinux-policy-contrib-65b177c.tar.gz
+SOURCES/selinux-policy-59775e9.tar.gz
+SOURCES/selinux-policy-contrib-a825695.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 91e6a2e..5509d24 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-beb26dea9038ecc40cb1e92f65fa2832bc9ca434 SOURCES/container-selinux.tgz
-ecb71250ec9491d12ad3acd487b39e475de601b1 SOURCES/selinux-policy-5d6f18f.tar.gz
-6087025acc754394c384813d199b964d29e168a5 SOURCES/selinux-policy-contrib-65b177c.tar.gz
+44ceb78ea504e2f0229ad0b6b9c1dc9314ada501 SOURCES/container-selinux.tgz
+e8118cb4c39d30c5899422011bfc52cc054078c6 SOURCES/selinux-policy-59775e9.tar.gz
+e6f011ba8529c4441a7d48b56ed6eba85f84d7bc SOURCES/selinux-policy-contrib-a825695.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 57c5361..08a68c6 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 5d6f18f38f1fd64cc724c9fd5feb64433271913a
+%global commit0 59775e92a1b4a872486a406c2a7efee7d5cba406
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 65b177c1bf44d83795e7ee0b2a8731537c393011
+%global commit1 a82569595e2a018eafbfeb195b3d5c416f6fed4d
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 85%{?dist}
+Release: 86%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,28 @@ exit 0
 %endif
 
 %changelog
+* Mon Jan 03 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-86
+- Allow sysadm execute sysadmctl in sysadm_t domain using sudo
+Resolves: rhbz#2013749
+- Allow local_login_t get attributes of tmpfs filesystems
+Resolves: rhbz#2015539
+- Allow local_login_t get attributes of filesystems with ext attributes
+Resolves: rhbz#2015539
+- Allow local_login_t domain to getattr cgroup filesystem
+Resolves: rhbz#2015539
+- Allow systemd read unlabeled symbolic links
+Resolves: rhbz#2021835
+- Allow userdomains use pam_ssh_agent_auth for passwordless sudo
+Resolves: rhbz#1917879
+- Allow sudodomains execute passwd in the passwd domain
+Resolves: rhbz#1943572
+- Label authcompat.py with authconfig_exec_t
+Resolves: rhbz#1919122
+- Dontaudit pkcsslotd sys_admin capability
+Resolves: rhbz#2021887
+- Allow lldpd connect to snmpd with a unix domain stream socket
+Resolves: rhbz#1991029
+
 * Tue Dec 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-85
 - Allow unconfined_t to node_bind icmp_sockets in node_t domain
 Resolves: rhbz#2025445