* Mon Jan 10 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.21-1

- Remove the lockdown class from the policy
Resolves: rhbz#2017848
- Revert "define lockdown class and access"
Resolves: rhbz#2017848
- Allow gssproxy access to various system files.
Resolves: rhbz#2026974
- Allow gssproxy read, write, and map ica tmpfs files
Resolves: rhbz#2026974
- Allow gssproxy read and write z90crypt device
Resolves: rhbz#2026974
- Allow sssd_kcm read and write z90crypt device
Resolves: rhbz#2026974
- Allow abrt_domain read and write z90crypt device
Resolves: rhbz#2026974
- Allow NetworkManager read and write z90crypt device
Resolves: rhbz#2026974
- Allow smbcontrol read the network state information
Resolves: rhbz#2038157
- Allow virt_domain map vhost devices
Resolves: rhbz#2035702
- Allow fcoemon request the kernel to load a module
Resolves: rhbz#2034463
- Allow lldpd connect to snmpd with a unix domain stream socket
Resolves: rhbz#2033315
- Allow ModemManager create a qipcrtr socket
Resolves: rhbz#2036582
- Allow ModemManager request to load a kernel module
Resolves: rhbz#2036582
- Allow sshd read sysctl files
Resolves: rhbz#2036585

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 0b4c1a7aa0be1129efd7e7749100734416a3a10d
+%global commit be6fc65ad949510ec105f4547d7f90a10d2ee33e
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.1.20
+Version: 34.1.21
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -792,6 +792,38 @@ exit 0
 %endif
 
 %changelog
+* Mon Jan 10 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.21-1
+- Remove the lockdown class from the policy
+Resolves: rhbz#2017848
+- Revert "define lockdown class and access"
+Resolves: rhbz#2017848
+- Allow gssproxy access to various system files.
+Resolves: rhbz#2026974
+- Allow gssproxy read, write, and map ica tmpfs files
+Resolves: rhbz#2026974
+- Allow gssproxy read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow sssd_kcm read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow abrt_domain read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow NetworkManager read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow smbcontrol read the network state information
+Resolves: rhbz#2038157
+- Allow virt_domain map vhost devices
+Resolves: rhbz#2035702
+- Allow fcoemon request the kernel to load a module
+Resolves: rhbz#2034463
+- Allow lldpd connect to snmpd with a unix domain stream socket
+Resolves: rhbz#2033315
+- Allow ModemManager create a qipcrtr socket
+Resolves: rhbz#2036582
+- Allow ModemManager request to load a kernel module
+Resolves: rhbz#2036582
+- Allow sshd read sysctl files
+Resolves: rhbz#2036585
+
 * Wed Dec 15 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.20-1
 - Allow dnsmasq watch /etc/dnsmasq.d directories
 Resolves: rhbz#2029866

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-0b4c1a7.tar.gz) = be30e30973d5cdebe3089ab29af733ea0c3cd63dad925f55e10f585ccd62e3c70a257be1afaaba3897473e217544d8b1f4304f01a33f3203bcc16f0652c075c5
+SHA512 (selinux-policy-be6fc65.tar.gz) = a1fee08dfe700f6423f71582b343e200bece1297c9315e80178bdf4db3bafd6aa68dcc74a8ebdda0cb46ab65981f44ebfbed4120d10603acc5b2f464cc519559
+SHA512 (container-selinux.tgz) = 99584896b4945360b2a5142f77c8d34fdf26ff769672e47f83920547c7249b45def97afa13f03434287fbe51396f017267e94a1d0ca2ed00728c631c5cbecb60
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 3372653abf4de573861602bf8f1217a427df40937b1172ee6b3ac98ce2fc2a1f0c8bc4ffd7210cbc428da901d8832281bb7401dc49035a539d2388144f892646