diff --git a/.gitignore b/.gitignore
index ae6b040..49245fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -341,3 +341,5 @@ serefpolicy*
 /selinux-policy-contrib-01421de.tar.gz
 /selinux-policy-18ccb6c.tar.gz
 /selinux-policy-contrib-7e2f178.tar.gz
+/selinux-policy-contrib-af9fa4f.tar.gz
+/selinux-policy-108b4cd.tar.gz
diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh
index 2ecd64d..25eb737 100755
--- a/make-rhat-patches.sh
+++ b/make-rhat-patches.sh
@@ -4,7 +4,7 @@ DISTGIT_PATH=$(pwd)
 
 FEDORA_VERSION=rawhide
 DOCKER_FEDORA_VERSION=master
-DISTGIT_BRANCH=master
+DISTGIT_BRANCH=f30
 REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
 REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
 REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib}
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3e5e342..b88d16b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 18ccb6cef4e6c0b8709a3ccca6999a327fad4b95
+%global commit0 108b4cd659ae333951747a931593a4ecbac89b59
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 7e2f1782919c406a1881c62d49b72bd194e0f991
+%global commit1 af9fa4f244e473c37d955ea0283e44440fcfcd5d
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -706,6 +706,13 @@ exit 0
 %endif
 
 %changelog
+* Mon Feb 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-23
+- Allow openvpn_t domain to set capability BZ(1680276)
+- Update redis_enable_notify() boolean to fix sending e-mail by redis when this boolean is turned on
+- Allow chronyd_t domain to send data over dgram socket
+- Add rolekit_dgram_send() interface
+- Fix bug in userdom_restricted_xwindows_user_template() template to disallow all user domains to access admin_home_t - kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam_var_run_t
+
 * Thu Feb 14 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-22
 - Allow dovecot_t domain to connect to mysql db
 - Add dac_override capability for sbd_t SELinux domain
diff --git a/sources b/sources
index 474a9f8..c19b03c 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-7e2f178.tar.gz) = ba1fd4a3f889828043bd4c85b23190a20e019547e43bac3dc4e492e1026ea09e2b4af81db25e7969cf2e537b0c4f6ce3072595fe4c2abb43ff138dbec940920c
-SHA512 (selinux-policy-18ccb6c.tar.gz) = 4db1f9271f1223af525f21821924044c4ef6ad5ee5e92afd27cbff959c76bc6d26b0e14347b460ab778af1bfc1fe8ed57b61c31cd8acd0fe1db7e347606980f4
-SHA512 (container-selinux.tgz) = 0eab7a9a3d8b5567c0305d10d17af6ceb11bd2215919609c3228af8fa7f36b1829311bc322bd003d830f71d04012170f1a04fa35e7d49b39c0152f1820f3086d
+SHA512 (selinux-policy-contrib-af9fa4f.tar.gz) = 5df20b4e21ee838d4a12e98d558a18c48615640dee61d80b61509f7b62b09507d948d38521a3d6b0a7d643401193b408e90ac7c224cb0fd227ed662428d378ff
+SHA512 (selinux-policy-108b4cd.tar.gz) = e3874bbd612afa31885b852fde1682eec00e58738c6c2f26d0e17169c95501c3d39391ca8bfe04841c7b3d8f7d8067416949c450de17cc02b92819771c8cbc50
+SHA512 (container-selinux.tgz) = 61b051ded605c30f5cf63ce7906c028f48bd77d696ed41a386d79333119ae04f19e4276af5bef0b688177cf6402d76ce4603e6f86e8bef1fd4079dea36646509