diff --git a/.gitignore b/.gitignore
index ac778da7..c26a7023 100644
--- a/.gitignore
+++ b/.gitignore
@@ -237,3 +237,5 @@ serefpolicy*
 /container-selinux.tgz
 /selinux-policy-contrib-a749579.tar.gz
 /selinux-policy-f6aa4d6.tar.gz
+/selinux-policy-cc4a892.tar.gz
+/selinux-policy-contrib-68a780b.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 133226c0..d4fa8d43 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 f6aa4d68bc434c2f616e8f6f5f98a8eb3647ba8b
+%global commit0 cc4a89232bf2da1ca582fcd25003b83274f691d9
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 a749579c81a5a96ce238ad7f6b29a32e4d325e93
+%global commit1 68a780b819ad5aa501d9f9a5e043c92628839a06
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -719,6 +719,21 @@ exit 0
 %endif
 
 %changelog
+* Mon Jan 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-2
+- Allow aide to mmap usr_t files BZ(1534182)
+- Allow ypserv_t domain to connect to tcp ports BZ(1534245)
+- Allow vmtools_t domain creating vmware_log_t files
+- Allow openvswitch_t domain to acces infiniband devices
+- Allow dirsrv_t domain to create tmp link files
+- Allow pcp_pmie_t domain to exec itself. BZ(153326)
+- Update openvswitch SELinux module
+- Allow virtd_t to create also sock_files with label virt_var_run_t
+- Allow chronyc_t domain to manage chronyd_keys_t files.
+- Allow logwatch to exec journal binaries BZ(1403463)
+- Allow sysadm_t and staff_t roles to manage user systemd services BZ(1531864)
+- Update logging_read_all_logs to allow mmap all logfiles BZ(1403463)
+- Add Label systemd_unit_file_t for /var/run/systemd/units/
+
 * Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-1
 - Removed big SELinux policy patches against tresys refpolicy and use tarballs from fedora-selinux github organisation
 
diff --git a/sources b/sources
index b7cc3f5f..18527c0f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,2 @@
-SHA512 (selinux-policy-contrib-a749579.tar.gz) = 5fd516d4c4b7afb3247fb143cfb24ea80129bf25780c0b0f4d51c650a88575bd9413731deb968c080a4589aaa40c42fc3fd1ca0f7e3968bcc0c6884664e5d7e7
-SHA512 (selinux-policy-f6aa4d6.tar.gz) = 5a2c14e9df0aa1808dc706b709249d524fa27083bd782faa7d58cb2ed72c728101b8ea1ee084d87e4a763892a13857d2acac257e1dc32df733d5a902b68d13f1
-SHA512 (container-selinux.tgz) = cfe5be85951c9ca03e6ba3528c678725fcaac6550dd0c03737fbb50078f2a6d42c6fd5b6a81914cee90e4a9a173bcbb62981a17423db2a1f88b0ac7fd472cad8
+SHA512 (selinux-policy-cc4a892.tar.gz) = 7e3876249bc0659739f6edcfe4f4053d503c7f4e09a895463adf838cc722dca9e92af65f62b1e8fed3371408b0326b79eebb232ce7f8868c5c88c31e600a36d6
+SHA512 (selinux-policy-contrib-68a780b.tar.gz) = 17680ca2c6f49ea253e219346017d80b21edc8efaf94cec576073f49ab3ad7902e61ecef97bfcccf180921b14de60cea74443753381efcdd272ecba1bbf0199e