diff --git a/.gitignore b/.gitignore
index 3131831..d9e9986 100644
--- a/.gitignore
+++ b/.gitignore
@@ -299,3 +299,5 @@ serefpolicy*
 /selinux-policy-0083cd1.tar.gz
 /selinux-policy-contrib-39a8058.tar.gz
 /selinux-policy-f840baf.tar.gz
+/selinux-policy-6d6b959.tar.gz
+/selinux-policy-contrib-d262cac.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 455e971..1a1110a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 f840bafa1c40af3aa9956979b7116f2c9a187724
+%global commit0 6d6b95972bbfad687f0540e413706c06ac4b7b9d
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 39a80580b403a3f712a046d60f05d12e0a024bed
+%global commit1 d262cac8025b415e5b3865ddc2d740c7d10b2f54
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.1
-Release: 36%{?dist}
+Release: 37%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -718,6 +718,23 @@ exit 0
 %endif
 
 %changelog
+* Sun Jul 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-37
+- Allow sblim_sfcbd_t domain to mmap own tmpfs files
+- Allow nfsd_t domain to read krb5 keytab files
+- Allow nfsd_t domain to manage fadm pid files
+- Allow virt_domain to create icmp sockets BZ(1609142)
+- Dontaudit oracleasm_t domain to request sys_admin capability
+- Allow iscsid_t domain to load kernel module
+- Allow aide to mmap all files
+- Revert "Allow firewalld_t do read iptables_var_run_t files"
+- Revert "Allow firewalld to create rawip sockets"
+- Allow svirt_tcg_t domain to read system state of virtd_t domains
+- Update rhcs contexts to reflects the latest fenced changes
+- Allow httpd_t domain to rw user_tmp_t files
+- Update logging_manage_all_logs() interface to allow caller domain map all logfiles
+- Fixed typo in logging_audisp_domain interface
+- Add interface files_mmap_all_files()
+
 * Wed Jul 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-36
 - Allow aide to mmap all files
 - Revert "Allow firewalld_t do read iptables_var_run_t files"
diff --git a/sources b/sources
index 47977d7..fea5f24 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (container-selinux.tgz) = 95c10da50468e1b51488852ea989536dbab4945809f32f78224ed1fda55e99d2e4eef62106a336090367fc48a8066f1bb49973f54a28c22e05ffa68cebe767e9
-SHA512 (selinux-policy-contrib-39a8058.tar.gz) = 54475ab14a2f5358fdb26a36469bd185f36fd5e4bd0d2cf3af2a79ca72732dabc093180e8203e8d841fceb4a7fa2b3605cb3f5dc787f61e9d114cb7764c7746b
-SHA512 (selinux-policy-f840baf.tar.gz) = c01f6ef04d6f03705cb0a837d055eed547fd23f7ef6c5f610330710a9ffc0a9e4d66891176b73adcba105964d934221c0d08c93976b6e435af94b25a46991e1d
+SHA512 (container-selinux.tgz) = 8d6a6e76a7b60256bd4b19f68d554fab0119f40bcc7bdc07d76547f6a50ca8c8a56b081c96b9ab77105d8f27e96e267aecde8739f6f6a755a09530e6a10f2a49
+SHA512 (selinux-policy-6d6b959.tar.gz) = 80581ed1867e6e4ca6b3a691f03aee40946f7b2784ccb107b44f5e3008271a3c81af7111afd063c60c74c0360c784e1e3b429d3656bf1bb662094e1cd9b60906
+SHA512 (selinux-policy-contrib-d262cac.tar.gz) = a235aed725971d21fda4dc9ede5567d779e55e527175e72a055be31fce4a7c52138cff2b3db3fe8a542471bf4a618fcada0ff8325acfe4c7325ded4818f960b5