diff --git a/selinux-policy.spec b/selinux-policy.spec
index d3c93ba1..3230dc59 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164
+%global commit 30654cfd4d8c2949d8c5c2c5b56655045ae3c7b7
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,6 +792,26 @@ exit 0
 %endif
 
 %changelog
+* Fri Feb 19 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-22
+- Allow systemd-sleep get attributes of fixed disk device nodes
+- Complete initial policy for systemd-coredump
+- Label SDC(scini) Dell Driver
+- Allow upowerd to send syslog messages
+- Remove the disk write permissions from tlp_t
+- Label NVMe devices as fixed_disk_device_t
+- Allow rhsmcertd bind tcp sockets to a generic node
+- Allow systemd-importd manage machines.lock file
+- Allow unconfined integrity lockdown permission
+- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined
+- Allow systemd-machined manage systemd-userdbd runtime sockets
+- Enable systemd-sysctl domtrans for udev
+- Introduce kernel_load_unsigned_module interface and use it for couple domains
+- Allow gpg watch user gpg secrets dirs
+- Build also the container module in CI
+- Remove duplicate code from kernel.te
+- Allow restorecond to watch all non-auth directories
+- Allow restorecond to watch its config file
+
 * Tue Feb 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-21
 - Allow unconfined integrity lockdown permission
 - Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined
diff --git a/sources b/sources
index fc948e9c..6ef9b49d 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb
-SHA512 (container-selinux.tgz) = dd7b52f74d44047f0e6ceea1a10755eae2ac661660d2192ece0ceb4a9ae65ad580868f39718d3f7028b7d22eddde33440b9e1ef0f0260714daa21221ca701b41
+SHA512 (selinux-policy-30654cf.tar.gz) = 99d0f364ec6e047391b026b2e64b53b763a17ecb742fb75cb39bb3fffe65f3f834506e0c7a35f8e4fb664ee60bf23e769fd7284ba041a3dd887d3074e8bce6a3
+SHA512 (container-selinux.tgz) = 0bdf939a5c4f5ab4b973f8f9b39c3dd3fcebd3dc660428904c055bd78fc3af1603514c8f44fc16579e1e254cae052f44dbd89c395c02a09cfbf0dc2f7356848e
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4