diff --git a/selinux-policy.spec b/selinux-policy.spec
index efbfe8e..bd6de0f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 3be93dd945e6ff08b4b94a047e750d151c017ece
+%global commit 6d8fb622f60641e3d93b0355cb2aba4c881114a3
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 39.5
+Version: 39.6
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -814,6 +814,19 @@ exit 0
 %endif
 
 %changelog
+* Tue Apr 23 2024 Zdenek Pytela <zpytela@redhat.com> - 39.6-1
+- Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
+- Allow auditd read all domains process state
+- Allow keyutils-dns-resolver connect to the system log service
+- dontaudit execmem for modemmanager
+- Dontaudit systemd-hwdb dac_override capability
+- Allow plymouthd log during shutdown
+- Allow journalctl_t read filesystem sysctls
+- Replace init domtrans rule for confined users to allow exec init
+- Allow sulogin relabel tty1
+- Dontaudit sulogin the checkpoint_restore capability
+- Allow wireguard work with firewall-cmd
+
 * Tue Feb 27 2024 Zdenek Pytela <zpytela@redhat.com> - 39.5-1
 - Allow userdomain get attributes of files on an nsfs filesystem
 - Allow login_userdomain map files in /var
diff --git a/sources b/sources
index 19a7ecb..ab3f125 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-3be93dd.tar.gz) = 78a2d997ce8844e85dc7fcd051b85c85210361e608767005934f4d7465ef55bd8f52ad67a2d83aaeba2be0b8f784c895fb19688ee6da200d70c7b599f79d2d46
-SHA512 (container-selinux.tgz) = eb1a4c445f8eb03b185fcd763780036d0517f6534c5ea314eeab20c8d70806b829dcde932d5748970ea95ae581a0dcc02c2dbf78c9abd1272783b118c0189372
+SHA512 (selinux-policy-6d8fb62.tar.gz) = d98c8ce207f2690cf16335bb7350947dbf3a7b7b0e363cf2ae7cdd058219e8742868cec122d2badd09974ee32cbd9dd5652b32123704801acd3113eb6711c0f7
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = f9839e14951b76d9188a8d9a78bbb28c14d9f9825173c9fd79f54a26bb983f2572faf86989063515922fcb4f1025bc5b13454d935140d892c99e2e42657b9455