diff --git a/.gitignore b/.gitignore
index 323f47a..0caac17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /container-selinux-f7333f9.tar.gz
 /container-selinux-08bb6e0.tar.gz
 /container-selinux-8f8caa6.tar.gz
+/container-selinux-14f7c51.tar.gz
diff --git a/container-selinux.spec b/container-selinux.spec
index 8095683..c3382fe 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -3,7 +3,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
 %if 0%{?fedora}
-%global commit0 8f8caa66c11f8657ebf8ae50d7221ee3a97ac7d3
+%global commit0 14f7c51001a452a1cf3e162845c2915aeb167fac
 %else
 # use upstream's RHEL-1.12 branch for CentOS 7
 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
@@ -35,7 +35,7 @@ Name: container-selinux
 %if 0%{?fedora} || 0%{?centos}
 Epoch: 2
 %endif
-Version: 2.10
+Version: 2.14
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
@@ -118,6 +118,25 @@ fi
 %{_datadir}/selinux/*
 
 %changelog
+* Fri May 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.14-1
+- Add labels for crio rename
+- Break container_t rules out to use a separate container_domain
+- Allow containers to be able to set namespaced SYCTLS
+- Allow sandbox containers manage fuse files.
+- Fixes to make container_runtimes work on MLS machines
+- Bump version to allow handling of container_file_t filesystems
+- Allow containers to mount, remount and umount container_file_t file systems
+- Fixes to handle cap_userns
+- Give container_t access to XFRM sockets
+- Allow spc_t to dbus chat with init system
+- Allow spc_t to dbus chat with init system
+- Add rules to allow container runtimes to run with unconfined disabled
+- Add rules to support cgroup file systems mounted into container.
+- Fix typebounds entrypoint problems
+- Fix typebounds problems
+- Add typebounds statement for container_t from container_runtime_t
+- We should only label runc not runc*
+
 * Tue Feb 28 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.10-1
 - Add rules to allow container runtimes to run with unconfined disabled
 - Add rules to support cgroup file systems mounted into container.
diff --git a/sources b/sources
index 9f28c00..b3c2342 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-SHA512 (container-selinux-08bb6e0.tar.gz) = bba16bd77c6d34982637e4fc874ef1a741df7ca73a85ad1edfece5ae2838409efbe00ea44653acb63c22c6939c7afc72f7882715c9c4657d4427eff6f77d2a35
-SHA512 (container-selinux-8f8caa6.tar.gz) = b273cb85c6afece175d917b043f92d4c126d03eaa4b2ad5c36c0a6430465a127ad25961d26b66730190723a6aefba4a8ffb694ea942c6b4eb5d6ee950b780856
+SHA512 (container-selinux-14f7c51.tar.gz) = 5a1c5f9574005aa714b08f5db429fa3afaa02f64d0694d4ad63dd2976c4a0f7bf1ff2697a0978bbbcd8c566d6453024390dbfc6579d188827dc2593a048695f2