* Tue Nov 14 2023 Zdenek Pytela <zpytela@redhat.com> - 40.5-1

- Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on
- Allow graphical applications work in Wayland
- Allow kdump work with PrivateTmp
- Allow dovecot-auth work with PrivateTmp
- Allow nfsd get attributes of all filesystems
- Allow unconfined_domain_type use io_uring cmd on domain
- ci: Only run Rawhide revdeps tests on the rawhide branch
- Label /var/run/auditd.state as auditd_var_run_t
- Allow fido-device-onboard (FDO) read the crack database
- Allow ip an explicit domain transition to other domains
- Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
- Allow  winbind_rpcd_t processes access when samba_export_all_* is on
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection
- Allow ntp to bind and connect to ntske port.
- Allow system_mail_t manage exim spool files and dirs
- Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t
- Label /run/pcsd.socket with cluster_var_run_t
- ci: Run cockpit tests in PRs

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 4c131aa69d180f74bd775c517da73b7c41c67458
+%global commit b1374e9fc76c7f53d634a5f16d2cffaec6347824
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.4
+Version: 40.5
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -814,6 +814,26 @@ exit 0
 %endif
 
 %changelog
+* Tue Nov 14 2023 Zdenek Pytela <zpytela@redhat.com> - 40.5-1
+- Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on
+- Allow graphical applications work in Wayland
+- Allow kdump work with PrivateTmp
+- Allow dovecot-auth work with PrivateTmp
+- Allow nfsd get attributes of all filesystems
+- Allow unconfined_domain_type use io_uring cmd on domain
+- ci: Only run Rawhide revdeps tests on the rawhide branch
+- Label /var/run/auditd.state as auditd_var_run_t
+- Allow fido-device-onboard (FDO) read the crack database
+- Allow ip an explicit domain transition to other domains
+- Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
+- Allow  winbind_rpcd_t processes access when samba_export_all_* is on
+- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection
+- Allow ntp to bind and connect to ntske port.
+- Allow system_mail_t manage exim spool files and dirs
+- Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t
+- Label /run/pcsd.socket with cluster_var_run_t
+- ci: Run cockpit tests in PRs
+
 * Thu Oct 19 2023 Zdenek Pytela <zpytela@redhat.com> - 40.4-1
 - Add map_read map_write to kernel_prog_run_bpf
 - Allow systemd-fstab-generator read all symlinks

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-4c131aa.tar.gz) = ba1c3eee258b8b054f4610179adcb37bbf9a3f1107b872926406accee6acdb007149b36f952652a74b80347ea7d574ef09cb1354b9e8b9754d8caefae2820fbc
-SHA512 (container-selinux.tgz) = 81d22300ea446a9e093aa206a2bb848ebb8227b4312afb90962bfb15133552e35d2bada0ab437d836614cb3be1afd99534b78dc8b5fc19ce08b895452a7ca626
+SHA512 (selinux-policy-b1374e9.tar.gz) = 91fd7356f6d9075be02858dae81e67a86a1d9a101a6596dfd8bc0800696297f59e2ccf06c04f0164602424d7e9e03ed9ad271f72b1094947692d9e6b2f81ddee
+SHA512 (container-selinux.tgz) = 4ffb9390c7bd5b54326f72c6f5c5d17734833104ee45cb4666b662589e5e4640526964a19a32bc2f2802f1586fd397562d72e9f8cf5f628aac62e6a6f3d553c3
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4