* Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121

- Update pkcsslotd policy for sandboxing 2/2
Resolves: rhbz#2208162
- Update pkcsslotd policy for sandboxing 1/2
Resolves: rhbz#2208162
- Allow abrt_t read kernel persistent storage files
Resolves: rhbz#2207914
- Add allow rules for lttng-sessiond domain
Resolves: rhbz#2203509
- Allow rpcd_lsad setcap and use generic ptys
Resolves: rhbz#2107106
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
Resolves: rhbz#2107106
- Dontaudit targetd search httpd config dirs
Resolves: rhbz#2203720

.gitignore

@@ -11,3 +11,5 @@ SOURCES/selinux-policy-contrib-c6da44c.tar.gz
 /selinux-policy-contrib-2604c4b.tar.gz
 /selinux-policy-e7dabe5.tar.gz
 /selinux-policy-contrib-e782e71.tar.gz
+/selinux-policy-7bf027b.tar.gz
+/selinux-policy-contrib-15580d9.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 e7dabe542cfc6bbc951f97ddd7e68c73367e57f3
+%global commit0 7bf027bb89f2445187e0e6cfbe3737e7bf293839
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 e782e713b1d431632ed0a1e989b8daecb1ef46df
+%global commit1 15580d977236fc7023c929be975a79bda9d849a3
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 120%{?dist}
+Release: 121%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -717,6 +717,22 @@ exit 0
 %endif
 
 %changelog
+* Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121
+- Update pkcsslotd policy for sandboxing 2/2
+Resolves: rhbz#2208162
+- Update pkcsslotd policy for sandboxing 1/2
+Resolves: rhbz#2208162
+- Allow abrt_t read kernel persistent storage files
+Resolves: rhbz#2207914
+- Add allow rules for lttng-sessiond domain
+Resolves: rhbz#2203509
+- Allow rpcd_lsad setcap and use generic ptys
+Resolves: rhbz#2107106
+- Allow samba-dcerpcd connect to systemd_machined over a unix socket
+Resolves: rhbz#2107106
+- Dontaudit targetd search httpd config dirs
+Resolves: rhbz#2203720
+
 * Thu May 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-120
 - Allow unconfined service inherit signal state from init
 Resolves: rhbz#2177254

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-e7dabe5.tar.gz) = ac82d23bef68e74c30f0ae4df71a17d259c657fd54e74e09e1afe2071c358b46c3de6246c84e01315a8b8ff62dbb8720dca9bac67077a82331316e6be7a9d9db
-SHA512 (selinux-policy-contrib-e782e71.tar.gz) = 6a6cdc30a3ccb857d51742a79eeeb36faf0b34f3a7fd176cc4fe9862c1d1c97c080870b525860280e89a19af49e36f4a1af5e2df6556b81e6940dc2207f31ca7
+SHA512 (selinux-policy-7bf027b.tar.gz) = b900b92cb478c8760066a92b940c3a7805b9e027f45b3f95db11c0f21e4bcc53b9aa2789c8ef27419bebc88e1241f83b754bf86df6d7080ed8d6177d8220dd99
+SHA512 (selinux-policy-contrib-15580d9.tar.gz) = a1ff8e027c4cd1c432455a45ba81f704d7ab44a761a651fe642d2d14d8c1030ce36fcc5c8b18b31fcd8bf912abc37a4cc8f9c1d4e7e792c0afd3f13dd40905e1
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 0e30e47f16e1348f7cca16898e15385b258a996d9291a4fa1d6c21f2a89ae6e6863a562e3fda51de0cedd706cd2775b7a012cfb8776bba64c79bdf42f6bac4e7
+SHA512 (container-selinux.tgz) = 67a310d0deded978c3c30c8ddafe50bb34797ec3b2d7220c9c0da7789befa632f10921e86846fe97c5f0b37c1b05d8a16084ef2010d8ac526d48154c09f8c82b