* Thu May 27 2021 Zdenek Pytela <zpytela@redhat.com> - 34.9-1

- Add kerberos object filetrans for nsswitchdomain
- Allow fail2ban watch various log files
- Add logging_watch_audit_log_files() and logging_watch_audit_log_dirs()
- Remove further modules recently removed from refpolicy
- Remove modules not shipped and not present in refpolicy
- Revert "Add permission open to files_read_inherited_tmp_files() interface"
- Revert "Allow pcp_pmlogger_t to use setrlimit BZ(1708951)"
- Revert "Dontaudit logrotate to setrlimit itself. rhbz#1309604"
- Revert "Allow cockpit_ws_t domain to set limits BZ(1701703)"
- Dontaudit setrlimit for domains that exec systemctl
- Allow kdump_t net_admin capability
- Allow nsswitch_domain read init pid lnk_files
- Label /dev/trng with random_device_t
- Label /run/systemd/default-hostname with hostname_etc_t
- Add default file context specification for dnf log files
- Label /dev/zram[0-9]+ block device files with fixed_disk_device_t
- Label /dev/udmabuf character device with dma_device_t
- Label /dev/dma_heap/* char devices with dma_device_t
- Label /dev/acpi_thermal_rel char device with acpi_device_t

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 84d400b50cd328c24885b6579ee32c729092ddb8
+%global commit 2ed658b0f359f464daaf11587740f7f02fbb7175
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,8 +23,8 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.8
-Release: 2%{?dist}
+Version: 34.9
+Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,6 +792,27 @@ exit 0
 %endif
 
 %changelog
+* Thu May 27 2021 Zdenek Pytela <zpytela@redhat.com> - 34.9-1
+- Add kerberos object filetrans for nsswitchdomain
+- Allow fail2ban watch various log files
+- Add logging_watch_audit_log_files() and logging_watch_audit_log_dirs()
+- Remove further modules recently removed from refpolicy
+- Remove modules not shipped and not present in refpolicy
+- Revert "Add permission open to files_read_inherited_tmp_files() interface"
+- Revert "Allow pcp_pmlogger_t to use setrlimit BZ(1708951)"
+- Revert "Dontaudit logrotate to setrlimit itself. rhbz#1309604"
+- Revert "Allow cockpit_ws_t domain to set limits BZ(1701703)"
+- Dontaudit setrlimit for domains that exec systemctl
+- Allow kdump_t net_admin capability
+- Allow nsswitch_domain read init pid lnk_files
+- Label /dev/trng with random_device_t
+- Label /run/systemd/default-hostname with hostname_etc_t
+- Add default file context specification for dnf log files
+- Label /dev/zram[0-9]+ block device files with fixed_disk_device_t
+- Label /dev/udmabuf character device with dma_device_t
+- Label /dev/dma_heap/* char devices with dma_device_t
+- Label /dev/acpi_thermal_rel char device with acpi_device_t
+
 * Thu May 20 2021 Zdenek Pytela <zpytela@redhat.com> - 34.8-2
 - Remove temporary explicit /dev/nvme relabeling
 

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-84d400b.tar.gz) = 82c732d8e575b9b760bf8d1231d78c3b6b149e11c462d1171109b1a1b72a6e9c56274ae9ae0bf59c6ff3db58836d8eb2ede00c0d5aabd058503671ba011ecd70
+SHA512 (selinux-policy-2ed658b.tar.gz) = 6abd2ca2431d0fcfbc0e7644b5f3a98d9b3e36703580979681c04eb75cea0bd66f83f014cec9e392c75142e8aef125da9584da8d38a86a89277748b60d25ec54
+SHA512 (container-selinux.tgz) = d572a659c7fc075b018ec02210dcf0efd92e130cf61afe2bbcb8f58117dc277aecf8f99acf75b8c3d46cf853cfbad716a1820852f0763ca6c7b7835225360dd3
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 7854b564d7f2ff244d7bfe4fa324dff22da4c2d4546e0c5ccab152920eb869f75f5b347783fc6aec33779785db2506f51faf858dec693852416633419fad6d8a