diff --git a/.gitignore b/.gitignore
index dbd5186..7927dee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-642155b.tar.gz
-SOURCES/selinux-policy-contrib-0e4a7a0.tar.gz
+SOURCES/selinux-policy-9db72ed.tar.gz
+SOURCES/selinux-policy-contrib-5e2c252.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 7d300f0..ea1df3e 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-e531ed72bd4055f40cb0152b1f81842c96af37c5 SOURCES/container-selinux.tgz
-26b6cee1e1baf47309bfc5055781869abb589a2d SOURCES/selinux-policy-642155b.tar.gz
-17a4e399dbf5dd7266a5bf3904aad633e3889351 SOURCES/selinux-policy-contrib-0e4a7a0.tar.gz
+37036a3f9ec27f942a2b186db25f3c0551784c4e SOURCES/container-selinux.tgz
+d9e66219a3c1a29e8af4da26ed471297d3281fcc SOURCES/selinux-policy-9db72ed.tar.gz
+dd2ac90c589a5a5110bf578b014754b69f2232c7 SOURCES/selinux-policy-contrib-5e2c252.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index f7b074a..1826dad 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 642155b226a48d3edbdc1a13fb9a9fece74140f7
+%global commit0 9db72ed4345b0f26e798cb301f306fb4ee303844
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 0e4a7a0e5879fd49a239fb71e000c4967fe98eca
+%global commit1 5e2c252146f379cd25df50de97816f6771d9d79b
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 93%{?dist}
+Release: 107%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -148,7 +148,7 @@ SELinux policy development and man page package
 %{_usr}/share/selinux/devel/Makefile
 %{_usr}/share/selinux/devel/example.*
 %{_usr}/share/selinux/devel/policy.*
-%ghost %{_sharedstatedir}/sepolgen/interface_info
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/sepolgen/interface_info
 
 %post devel
 selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null 
@@ -717,6 +717,226 @@ exit 0
 %endif
 
 %changelog
+* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
+- Label 319/udp port with ptp_event_port_t
+Resolves: rhbz#2118628
+- Allow unconfined and sysadm users transition for /root/.gnupg
+Resolves: rhbz#2119507
+- Add the kernel_read_proc_files() interface
+Resolves: rhbz#2119507
+- Add userdom_view_all_users_keys() interface
+Resolves: rhbz#2119507
+- Allow system_cronjob_t domtrans to rpm_script_t
+Resolves: rhbz#2118362
+- Allow smbd_t process noatsecure permission for winbind_rpcd_t
+Resolves: rhbz#2117199
+- Allow chronyd bind UDP sockets to ptp_event ports
+Resolves: rhbz#2118628
+- Allow samba-bgqd to read a printer list
+Resolves: rhbz#2118958
+- Add gpg_filetrans_admin_home_content() interface
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution
+Resolves: rhbz#2119507
+- Allow gpg read and write generic pty type
+Resolves: rhbz#2119507
+- Allow chronyc read and write generic pty type
+Resolves: rhbz#2119507
+- Disable rpm verification on interface_info
+Resolves: rhbz#2119472
+
+* Wed Aug 10 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-106
+- Allow networkmanager to signal unconfined process
+Resolves: rhbz#1918148
+- Allow sa-update to get init status and start systemd files
+Resolves: rhbz#2011239
+- Allow samba-bgqd get a printer list
+Resolves: rhbz#2114737
+- Allow insights-client rpm named file transitions
+Resolves: rhbz#2104913
+- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
+Resolves: rhbz#2104913
+- Use insights_client_filetrans_named_content
+Resolves: rhbz#2104913
+- Make default file context match with named transitions
+Resolves: rhbz#2104913
+- Allow rhsmcertd to read insights config files
+Resolves: rhbz#2104913
+- Label /etc/insights-client/machine-id
+Resolves: rhbz#2104913
+
+* Fri Jul 29 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-105
+- Do not call systemd_userdbd_stream_connect() for winbind-rpcd
+Resolves: rhbz#2108383
+- Update winbind_rpcd_t
+Resolves: rhbz#2108383
+- Allow irqbalance file transition for pid sock_files and directories
+Resolves: rhbz#2111916
+- Update irqbalance runtime directory file context
+Resolves: rhbz#2111916
+
+* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-104
+- Update samba-dcerpcd policy for kerberos usage 2
+Resolves: rhbz#2096825
+
+* Mon Jun 27 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-103
+- Allow domain read usermodehelper state information
+Resolves: rhbz#2083504
+- Remove all kernel_read_usermodehelper_state() interface calls
+Resolves: rhbz#2083504
+- Allow samba-dcerpcd work with sssd
+Resolves: rhbz#2096825
+- Allow winbind_rpcd_t connect to self over a unix_stream_socket
+Resolves: rhbz#2096825
+- Update samba-dcerpcd policy for kerberos usage
+Resolves: rhbz#2096825
+- Allow keepalived read the contents of the sysfs filesystem
+Resolves: rhbz#2098189
+- Update policy for samba-dcerpcd
+Resolves: rhbz#2083504
+- Remove all kernel_read_usermodehelper_state() interface calls 2/2
+Resolves: rhbz#2083504
+- Update insights_client_filetrans_named_content()
+Resolves: rhbz#2091117
+
+* Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-102
+- Allow transition to insights_client named content
+Resolves: rhbz#2091117
+- Add the insights_client_filetrans_named_content() interface
+Resolves: rhbz#2091117
+- Update policy for insights-client to run additional commands 3
+Resolves: rhbz#2091117
+
+* Fri Jun 17 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-101
+- Add the init_status_config_transient_files() interface
+Resolves: rhbz#2091117
+- Allow init_t to rw insights_client unnamed pipe
+Resolves: rhbz#2091117
+- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
+Resolves: rhbz#2091117
+- Allow insights-client get status of the systemd transient scripts
+Resolves: rhbz#2091117
+- Allow insights-client execute its private memfd: objects
+Resolves: rhbz#2091117
+- Update policy for insights-client to run additional commands 2
+Resolves: rhbz#2091117
+- Do not call systemd_userdbd_stream_connect() for insights-client
+Resolves: rhbz#2091117
+- Use insights_client_tmp_t instead of insights_client_var_tmp_t
+Resolves: rhbz#2091117
+- Change space indentation to tab in insights-client
+Resolves: rhbz#2091117
+- Use socket permissions sets in insights-client
+Resolves: rhbz#2091117
+- Update policy for insights-client to run additional commands
+Resolves: rhbz#2091117
+- Change rpm_setattr_db_files() to use a pattern
+Resolves: rhbz#2091117
+- Add rpm setattr db files macro
+Resolves: rhbz#2091117
+- Fix insights client
+Resolves: rhbz#2091117
+- Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
+Resolves: rhbz#2091117
+
+* Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-100
+- Update logging_create_generic_logs() to use create_files_pattern()
+Resolves: rhbz#2081907
+- Add the auth_read_passwd_file() interface
+Resolves: rhbz#2083504
+- Allow auditd_t noatsecure for a transition to audisp_remote_t
+Resolves: rhbz#2081907
+- Add support for samba-dcerpcd
+Resolves: rhbz#2083504
+- Allow rhsmcertd create generic log files
+Resolves: rhbz#1852086
+- Allow ctdbd nlmsg_read on netlink_tcpdiag_socket
+Resolves: rhbz#2090800
+
+* Mon May 23 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-99
+- Allow ifconfig_t domain to manage vmware logs
+Resolves: rhbz#1721943
+- Allow insights-client manage gpg admin home content
+Resolves: rhbz#2060834
+- Add the gpg_manage_admin_home_content() interface
+Resolves: rhbz#2060834
+- Label /var/cache/insights with insights_client_cache_t
+Resolves: rhbz#2063195
+- Allow insights-client search gconf homedir
+Resolves: rhbz#2087069
+- Allow insights-client create and use unix_dgram_socket
+Resolves: rhbz#2087069
+- Label more vdsm utils with virtd_exec_t
+Resolves: rhbz#2063871
+- Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t
+Resolves: rhbz#2063871
+- Allow sblim-gatherd the kill capability
+Resolves: rhbz#2082677
+- Allow privoxy execmem
+Resolves: rhbz#2083940
+
+* Wed May 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-98
+- Allow sysadm user execute init scripts with a transition
+Resolves: rhbz#2039662
+- Change invalid type redisd_t to redis_t in redis_stream_connect()
+Resolves: rhbz#1897517
+- Allow php-fpm write access to /var/run/redis/redis.sock
+Resolves: rhbz#1897517
+- Allow sssd read systemd-resolved runtime directory
+Resolves: rhbz#2060721
+- Allow postfix stream connect to cyrus through runtime socket
+Resolves: rhbz#2066005
+- Allow insights-client create_socket_perms for tcp/udp sockets
+Resolves: rhbz#2073395
+- Allow insights-client read rhnsd config files
+Resolves: rhbz#2073395
+- Allow sblim-sfcbd connect to sblim-reposd stream
+Resolves: rhbz#2075810
+- Allow rngd drop privileges via setuid/setgid/setcap
+Resolves: rhbz#2076641
+- Allow rngd_t domain to use nsswitch
+Resolves: rhbz#2076641
+
+* Fri Apr 22 2022 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-97
+- Create macro corenet_icmp_bind_generic_node()
+Resolves: rhbz#2070870
+- Allow traceroute_t and ping_t to bind generic nodes.
+Resolves: rhbz#2070870
+- Allow administrative users the bpf capability
+Resolves: rhbz#2070983
+- Allow insights-client search rhnsd configuration directory
+Resolves: rhbz#2073395
+- Allow ntlm_auth read the network state information
+Resolves: rhbz#2073349
+- Allow keepalived setsched and sys_nice
+Resolves: rhbz#2008033
+- Revert "Allow administrative users the bpf capability"
+Resolves: rhbz#2070983
+
+
+* Thu Apr 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-96
+- Add interface rpc_manage_exports
+Resolves: rhbz#2062183
+- Allow sshd read filesystem sysctl files
+Resolves: rhbz#2061403
+- Update targetd nfs & lvm
+Resolves: rhbz#2062183
+- Allow dhcpd_t domain to read network sysctls.
+Resolves: rhbz#2059509
+- Allow chronyd talk with unconfined user over unix domain dgram socket
+Resolves: rhbz#2065313
+- Allow fenced read kerberos key tables
+Resolves: rhbz#1964839
+
+* Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95
+- Allow hostapd talk with unconfined user over unix domain dgram socket
+Resolves: rhbz#2068007
+
+* Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94
+- Allow chronyd send a message to sosreport over datagram socket
+- Allow systemd-logind dbus chat with sosreport
+Resolves: rhbz#2062607
+
 * Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
 - Allow systemd-networkd dbus chat with sosreport
 Resolves: rhbz#1949493