diff --git a/.gitignore b/.gitignore
index 8c4174a..1e4fce9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-contrib-fd10e7c.tar.gz
-SOURCES/selinux-policy-db25c0e.tar.gz
+SOURCES/selinux-policy-8d1a96d.tar.gz
+SOURCES/selinux-policy-contrib-f3211b5.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index f9fba18..1174075 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-96c4e7788edd3c312cf691480a58bb403d0a13ef SOURCES/container-selinux.tgz
-b3cd1635dfa8d9c1e2a207cad5df4682771d85b6 SOURCES/selinux-policy-contrib-fd10e7c.tar.gz
-4ddf11da780b6eaa124536869c85baec229640c1 SOURCES/selinux-policy-db25c0e.tar.gz
+06478bf63e74d423c31bb0c53edf719f7df63ddc SOURCES/container-selinux.tgz
+832cd73e46beab5d8046c7b3a5754c645edd1634 SOURCES/selinux-policy-8d1a96d.tar.gz
+eb1855b018df25e33ef7234048c32acc58d4df0b SOURCES/selinux-policy-contrib-f3211b5.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 59e5256..186c4cd 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 db25c0eff1c59aff96dd7d14e5d3043dae2aee9e
+%global commit0 8d1a96d5f0e72ebf7a3f5f5930db644af91e4abe
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 fd10e7cb92ddfd82248e1c8f5f68eadfbd74b4f7
+%global commit1 f3211b540925d040fb1d21b4ff33ea65119169a6
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 54%{?dist}
+Release: 56%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,38 @@ exit 0
 %endif
 
 %changelog
+* Thu Nov 12 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-56
+- Let keepalived bind a raw socket
+Resolves: rhbz#1895130
+- Add fetchmail_uidl_cache_t type for /var/mail/.fetchmail.pid
+Resolves: rhbz#1853389
+- Allow arpwatch create and use rdma socket
+Resolves: rhbz#1843409
+- Set correct default file context for /usr/libexec/pcp/lib/*
+Resolves: rhbz#1886369
+- Allow systemd-logind manage efivarfs files
+Resolves: rhbz#1869979
+- Allow systemd_resolved_t to read efivarfs
+Resolves: rhbz#1869979
+- Allow systemd_modules_load_t to read efivarfs
+Resolves: rhbz#1869979
+- Allow read efivarfs_t files by domains executing systemctl file
+Resolves: rhbz#1869979
+- Introduce systemd_read_efivarfs_type attribute
+Resolves: rhbz#1869979
+
+* Mon Oct 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-55
+- Allow init dbus chat with kernel
+Resolves: rhbz#1694681
+- Confine systemd-sleep service
+Resolves: rhbz#1850177
+- Add default file context for /usr/libexec/pcp/lib/*
+Resolves: rhbz#1886369
+- Allow rtkit_daemon_t to uise sys_ptrace usernamespace capability
+Resolves: rhbz#1873658
+- Add fstools_rw_swap_files() interface
+Resolves: rhbz#1850177
+
 * Thu Sep 17 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-54
 - Allow plymouth sys_chroot capability
 Resolves: rhbz#1869814