* Mon Jan 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.6-1

- Boolean: allow qemu-ga read ssh home directory
- Allow kernel_t to read/write all sockets
- Allow kernel_t to UNIX-stream connect to all domains
- Allow systemd-resolved send a datagram to journald
- Allow kernel_t to manage and have "execute" access to all files
- Fix the files_manage_all_files() interface
- Allow rshim bpf cap2 and read sssd public files
- Allow insights-client work with su and lpstat
- Allow insights-client tcp connect to all ports
- Allow nm-cloud-setup dispatcher plugin restart nm services
- Allow unconfined user filetransition for sudo log files
- Allow modemmanager create hardware state information files
- Allow ModemManager all permissions for netlink route socket
- Allow wg to send msg to kernel, write to syslog and dbus connections
- Allow hostname_t to read network sysctls.
- Dontaudit ftpd the execmem permission
- Allow svirt request the kernel to load a module
- Allow icecast rename its log files
- Allow upsd to send signal to itself
- Allow wireguard to create udp sockets and read net_conf
- Use %autosetup instead of %setup
- Pass -p 1 to %autosetup

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 8b251cf41fa2f3d670f5f84e1298b7a0e549535a
+%global commit 98619aa5ab8e1adf058c1d17c562750d2e7a1e36
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,8 +23,8 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.5
-Release: 2%{?dist}
+Version: 38.6
+Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -813,6 +813,30 @@ exit 0
 %endif
 
 %changelog
+* Mon Jan 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.6-1
+- Boolean: allow qemu-ga read ssh home directory
+- Allow kernel_t to read/write all sockets
+- Allow kernel_t to UNIX-stream connect to all domains
+- Allow systemd-resolved send a datagram to journald
+- Allow kernel_t to manage and have "execute" access to all files
+- Fix the files_manage_all_files() interface
+- Allow rshim bpf cap2 and read sssd public files
+- Allow insights-client work with su and lpstat
+- Allow insights-client tcp connect to all ports
+- Allow nm-cloud-setup dispatcher plugin restart nm services
+- Allow unconfined user filetransition for sudo log files
+- Allow modemmanager create hardware state information files
+- Allow ModemManager all permissions for netlink route socket
+- Allow wg to send msg to kernel, write to syslog and dbus connections
+- Allow hostname_t to read network sysctls.
+- Dontaudit ftpd the execmem permission
+- Allow svirt request the kernel to load a module
+- Allow icecast rename its log files
+- Allow upsd to send signal to itself
+- Allow wireguard to create udp sockets and read net_conf
+- Use %autosetup instead of %setup
+- Pass -p 1 to %autosetup
+
 * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-8b251cf.tar.gz) = 316680045b699b27d7d50611ec6a2eeccf10901d59935de9130d6f0a2e60835a7603b36d3595adf9aa79a64ece69fd1bc85ae5032216f4032eda8e1448f84211
-SHA512 (container-selinux.tgz) = bca3d764940f9e5fbc3fbbd0e873fed6413447515e397969cab93179fe63e5da0f804b370e2ef70da50bd7431f9e01ad200c574ca654e3637848be21bcc3d0c4
+SHA512 (selinux-policy-98619aa.tar.gz) = b91450b42adae2c9c71e5652a3830abf7fccf4adf32a9895a02563ef792e72d36a68b15bb2a7bc60b8b0ff5ff69683fd2601d89f3a557b1e6f3a301d702e90bd
+SHA512 (container-selinux.tgz) = 84ffa946d6e1a86bc1d67de3ec1815265ad27402ec90fac378bcaa511bc326ad7ba2623c5d80702d3a1bd3d3bb8fc4c231fd757a138b894a265901e030aca871
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4