* Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 38.25-1

- ci: Move srpm/rpm build to packit
- .copr: Avoid subshell and changing directory
- Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file
- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
- Make insights_client_t an unconfined domain
- Allow insights-client manage user temporary files
- Allow insights-client create all rpm logs with a correct label
- Allow insights-client manage generic logs
- Allow cloud_init create dhclient var files and init_t manage net_conf_t
- Allow insights-client read and write cluster tmpfs files
- Allow ipsec read nsfs files
- Make tuned work with mls policy
- Remove nsplugin_role from mozilla.if
- allow mon_procd_t self:cap_userns sys_ptrace
- Allow pdns name_bind and name_connect all ports
- Set the MLS range of fsdaemon_t to s0 - mls_systemhigh
- ci: Move to actions/checkout@v3 version
- .copr: Replace chown call with standard workflow safe.directory setting
- .copr: Enable `set -u` for robustness
- .copr: Simplify root directory variable

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit d71265e00b14d67d5df685484975fc66ec340804
+%global commit 77e7428bf98c645389b8efaf61a2c3ed6e2441d8
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.24
+Version: 38.25
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -814,6 +814,28 @@ exit 0
 %endif
 
 %changelog
+* Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 38.25-1
+- ci: Move srpm/rpm build to packit
+- .copr: Avoid subshell and changing directory
+- Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file
+- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
+- Make insights_client_t an unconfined domain
+- Allow insights-client manage user temporary files
+- Allow insights-client create all rpm logs with a correct label
+- Allow insights-client manage generic logs
+- Allow cloud_init create dhclient var files and init_t manage net_conf_t
+- Allow insights-client read and write cluster tmpfs files
+- Allow ipsec read nsfs files
+- Make tuned work with mls policy
+- Remove nsplugin_role from mozilla.if
+- allow mon_procd_t self:cap_userns sys_ptrace
+- Allow pdns name_bind and name_connect all ports
+- Set the MLS range of fsdaemon_t to s0 - mls_systemhigh
+- ci: Move to actions/checkout@v3 version
+- .copr: Replace chown call with standard workflow safe.directory setting
+- .copr: Enable `set -u` for robustness
+- .copr: Simplify root directory variable
+
 * Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 38.24-1
 - Allow rhsmcertd dbus chat with policykit
 - Allow polkitd execute pkla-check-authorization with nnp transition

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-d71265e.tar.gz) = 2edd7b54a715989f95aba334b72b06f037e37e28ed72116e8e84d5179d6bf55e0f3f3caf20d8c5c6d477358e99e8dc63de23f7122728b5b74aaff3e9189465e5
+SHA512 (selinux-policy-77e7428.tar.gz) = c0d65f956dcce0231a9a7936035eca3a71162727d533f5e0aee5a210b49393ccc6f3048d08dfee7882fca6682755ce16e016842b1e1724e6bb6d6485040b62f4
+SHA512 (container-selinux.tgz) = 0daa315c81b23885be0cebcd24b4601d72f40133476ecbfd0462d42ec13ab9101cd5ff76150ef8272cbfb2d67f269b6b4c47c0225c12513e04c90ccd6066042e
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 1cd098756d09e4cae219271e67fb709dcd6851db94b1539a15aa582cc8dfc3a186f5d84a216da97e8ec4986dc03ff60e001f5ca8b1dbc9247e08da949665da8a