diff --git a/.gitignore b/.gitignore
index 3c595ac..944e3a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-61eb717.tar.gz
-SOURCES/selinux-policy-contrib-b05e8b2.tar.gz
+SOURCES/selinux-policy-19769ed.tar.gz
+SOURCES/selinux-policy-contrib-b9c6eb1.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index bba7eb2..e384319 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-b56406b7fadd4f0af0393a6bc424df47bd07d1f8 SOURCES/container-selinux.tgz
-48f4629f2296bc0464f042d9a740c277b49c17d4 SOURCES/selinux-policy-61eb717.tar.gz
-9e36d7941b0f34b5d6c6887cd5c3fc4d0f9d44b0 SOURCES/selinux-policy-contrib-b05e8b2.tar.gz
+1d2b6a93cd175c199f543bbc9897db87aa2ba4d2 SOURCES/container-selinux.tgz
+e9cad03eba1618c8f1dbfbb55e9be2ad72ff34a0 SOURCES/selinux-policy-19769ed.tar.gz
+b26e936f044a896930cfd4e6dad23a5bec7c842a SOURCES/selinux-policy-contrib-b9c6eb1.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 65bbc8a..c9dd99c 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 61eb71715d2d2f260402c03730245b965a660c23
+%global commit0 19769ed88ef78eb60160d3047bb8e3d8be24bbab
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 b05e8b2ba33639b2e8e26ae4e8b25f497bdb4e5e
+%global commit1 b9c6eb1ef235cf77bdd1565dd0ab3bcedbd38108
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 69%{?dist}
+Release: 70%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,26 @@ exit 0
 %endif
 
 %changelog
+* Wed Jun 09 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-70
+- Allow using opencryptoki for ipsec
+Resolves: rhbz#1894132
+- Remove all kernel_getattr_proc() interface calls
+Resolves: rhbz#1967125
+- Allow domain stat /proc filesystem
+Resolves: rhbz#1967125
+- Allow pkcs-slotd create and use netlink_kobject_uevent_socket
+Resolves: rhbz#1969725
+- Label var.lib.opencryptoki.* files and create pkcs_tmpfs_filetrans()
+Resolves: rhbz#1894132
+- Allow using opencryptoki for certmonger
+Resolves: rhbz#1894132
+- install_t: Allow NoNewPriv transition from systemd
+Resolves: rhbz#1955547
+- Remove all kernel_getattr_proc() interface calls
+Resolves: rhbz#1967125
+- Allow httpd_sys_script_t read, write, and map hugetlbfs files
+Resolves: rhbz#1966133
+
 * Wed Jun 02 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-69
 - Add /var/usrlocal equivalency rule
 Resolves: rhbz#1943381