diff --git a/.gitignore b/.gitignore
index 73b701f..7fdc123 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-420bacb.tar.gz
-SOURCES/selinux-policy-contrib-876387c.tar.gz
+SOURCES/selinux-policy-13afa66.tar.gz
+SOURCES/selinux-policy-contrib-4221121.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index c1bc4dd..754698f 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-a5fc34a7fbfd13a2b86609bdea0bcc2b312163d1 SOURCES/container-selinux.tgz
-3756201d4d69bb4834cfaac8aff3398a1d8b482c SOURCES/selinux-policy-420bacb.tar.gz
-4de0c405f689cec37c49a8fc5054990f0fa27007 SOURCES/selinux-policy-contrib-876387c.tar.gz
+b314e3dd86901e3eac1b9f45dc87550764339875 SOURCES/container-selinux.tgz
+dbc37c4f43c34a5e0a3dfb816b41476dc1c4005a SOURCES/selinux-policy-13afa66.tar.gz
+168cee2e06d02873b674db2681a901cd9a399b69 SOURCES/selinux-policy-contrib-4221121.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 5cd9c1b..225cc51 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 420bacb2c1f970da8f6b71d3338c1968bc1926db
+%global commit0 13afa66082aa47acba05fffbf1348b1be22c7f8c
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 876387c1df207a8364eacd41e6c0b89d13bba8c3
+%global commit1 42211213de1e0296bf2c16d6dc30af33e2c157c1
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 48%{?dist}
+Release: 49%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,20 @@ exit 0
 %endif
 
 %changelog
+* Thu Jul 09 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-49
+- Additional support for keepalived running in a namespace
+Resolves: rhbz#1815281
+- Allow keepalived manage its private type runtime directories
+Resolves: rhbz#1815281
+- Run ipa_helper_noatsecure(oddjob_t) only if the interface exists
+Resolves: rhbz#1853432
+- Allow oddjob_t process noatsecure permission for ipa_helper_t
+Resolves: rhbz#1853432
+- Allow domain dbus chat with systemd-resolved
+Resolves: rhbz#1852378
+- Define file context for /var/run/netns directory only
+Related: rhbz#1815281
+
 * Mon Jun 29 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-48
 - Allow systemd_private_tmp(dirsrv_tmp_t) instead of dirsrv_t
 Resolves: rhbz#1836820