diff --git a/selinux-policy.spec b/selinux-policy.spec
index 53daafa..45002fb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 8b5e5713ee3f118c3c7d8765f21cb7fd05acdaa5
+%global commit caa6164c1e1115a0028ad89d6f2efb9103364141
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.1.31
+Version: 38.1.32
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -809,6 +809,26 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 15 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.32-1
+- Dontaudit subscription manager setfscreate and read file contexts
+Resolves: RHEL-21635
+- Allow xdm_t to watch and watch_reads mount_var_run_t
+Resolves: RHEL-24841
+- Allow unix dgram sendto between exim processes
+Resolves: RHEL-21902
+- Allow utempter_t use ptmx
+Resolves: RHEL-24946
+- Only allow confined user domains to login locally without unconfined_login
+Resolves: RHEL-1551
+- Add userdom_spec_domtrans_confined_admin_users interface
+Resolves: RHEL-1551
+- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
+Resolves: RHEL-1551
+- Add userdom_spec_domtrans_admin_users interface
+Resolves: RHEL-1551
+- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
+Resolves: RHEL-1551
+
 * Thu Jan 25 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.31-1
 - Allow chronyd-restricted read chronyd key files
 Resolves: RHEL-18219
diff --git a/sources b/sources
index 604d31a..652a626 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-8b5e571.tar.gz) = d41a15c42c58b40f8d23c9b80385ab8c31135703ca281a00c91a9159a62cce8828777a6bee60d33615404e015b90f3e8772fcd3110871f7713dc2f4005c33f4f
-SHA512 (container-selinux.tgz) = b38fb5a99e2abddda5da680a69b9419bf08714b5b30dbe84b546aba0cd42728abd19b503f45a0be879f6c58118174f860d1f288b5d4c1fb9d2b4eb125cef8197
+SHA512 (selinux-policy-caa6164.tar.gz) = f48c03e6d8af684168d5f3b7f321ef25a95203f119b81639c44a180a1e83c50f66bdb9f8ef6c742423d2abb88a51fc599027ed0f59ba85a1116aa17a2fae6ced
+SHA512 (container-selinux.tgz) = 9a79c76e374cdf66ae234fdbf333e7db1f2aec027d3d8d7a8a6304d8bd216121becdbca6cbff89cec5e1ff7221d19306b3ae4641ffaafe280f02520322748f7d
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4