diff --git a/.gitignore b/.gitignore
index 032d3b2..9f69b6a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-f8603bf.tar.gz
+SOURCES/selinux-policy-de5ea82.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 31d3b5f..923c484 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,2 +1,2 @@
-ecbdf855821611f11af9ed0b83de3b8885476b4e SOURCES/container-selinux.tgz
-e8b2b88e89a8a8b4eea4876e5787267d31f51964 SOURCES/selinux-policy-f8603bf.tar.gz
+f4084f87f301c662b3c7f0937a96e5addb89fb01 SOURCES/container-selinux.tgz
+1e340f4b3ef619edab09b10372f635b55c049933 SOURCES/selinux-policy-de5ea82.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 8715cfb..5026c57 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit f8603bf025badb70f5a87d6d5687516c5ee0669d
+%global commit de5ea8200829c50379eb2242ae9866748409551a
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 38.1.11
-Release: 2%{?dist}.2
+Release: 2%{?dist}.3
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -809,6 +809,26 @@ exit 0
 %endif
 
 %changelog
+* Mon Jun 05 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.11-2.3
+- Allow insights-client get quotas of all filesystems
+Resolves: rhbz#2203797
+- Allow insights-client read unconfined service semaphores
+Resolves: rhbz#2203797
+- Allow insights-client work with teamdctl
+Resolves: rhbz#2203797
+- Allow insights-client read all sysctls
+Resolves: rhbz#2203797
+- Allow insights-client manage fsadm pid files
+Resolves: rhbz#2203797
+- Allow insights-client work with su and lpstat
+Resolves: rhbz#2203797
+- Allow insights-client tcp connect to all ports
+Resolves: rhbz#2203797
+- Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t
+Resolves: rhbz#2203797
+- Allow cloud-init manage gpg admin home content
+Resolves: rhbz#2203797
+
 * Mon Apr 24 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.11-2.2
 - rebuilt
 Resolves: rhbz#2188391