diff --git a/selinux-policy.spec b/selinux-policy.spec
index 52d63533..440e0596 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit e3da92314ccfcc7b263aa44d0c9f824703df197c
+%global commit 485578ca5fa9c5c4613a5e2af687d6ffba9785ab
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 25%{?dist}
+Release: 28%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,6 +792,32 @@ exit 0
 %endif
 
 %changelog
+* Fri Mar 26 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-28
+- Allow arpwatch_t create netlink generic socket
+- Allow postgrey read network state
+- Add watch_mount_dirs_pattern file pattern
+- Allow bluetooth_t dbus chat with fwupd_t
+- Allow xdm_t watch accountsd lib directories
+- Add additional interfaces for watching /boot
+- Allow sssd_t get attributes of tmpfs filesystems
+- Allow local_login_t get attributes of tmpfs filesystems
+
+* Tue Mar 23 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-27
+- Dontaudit domain the fowner capability
+- Extend fs_manage_nfsd_fs() to allow managing dirs as well
+- Allow spice-vdagentd watch systemd-logind session dirs
+
+* Fri Mar 19 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-26
+- Allow xdm_t watch systemd-logind session dirs
+- Allow xdm_t transition to system_dbusd_t
+- Allow confined users login into graphic session
+- Allow login_userdomain watch systemd login session dirs
+- install_t: Allow NoNewPriv transition from systemd
+- Remove setuid/setgid capabilities from mysqld_t
+- Add context for new mariadbd executable files
+- Allow netutils_t create netlink generic socket
+- Allow systemd the audit_control capability conditionally
+
 * Thu Mar 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-25
 - Allow polkit-agent-helper-1 read logind sessions files
 - Allow polkit-agent-helper read init state
diff --git a/sources b/sources
index e63a7496..014fa710 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-e3da923.tar.gz) = d3963ff469fc1dd8d5fb525cc78276109a1220fe528839549c74a1d9676d0fe481926718a40c1bf0062b6823730200a2d69141c8ece3c07ed1f9e12d2b4a2fb7
-SHA512 (container-selinux.tgz) = 08ed5d509c792cb4228df34e1adc75e8720b65c73850cf4be7786384e7f6d752a2218f1a4c40eee9e8acbbd273a9e4ec2382e3830114619e6f58c322fa9f476b
+SHA512 (selinux-policy-485578c.tar.gz) = 73eecdc99968676d8db4357c7b6fb77a929d7afba84725481185acb925ba2619a47cab900c62ff5e0d9bd016e8a3de7c38ebb5284f43a8cb00b6409976de9531
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = 269b29e3829df8d0cc731f9b2739844d0fca8e566ec5c67ee855c43ac5d2361684ca9964c3e8cbfebd5d06f3c5d510b5c85e9e92e0726915d6801d912afd77e8