diff --git a/docker-selinux.tgz b/docker-selinux.tgz index 013c2b77..107f454a 100644 Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index ec2e2799..d34fe0db 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -37363,7 +37363,7 @@ index b50c5fe..5c39fe5 100644 +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) + diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if -index 4e94884..41a18bc 100644 +index 4e94884..31be8ac 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -233,7 +233,7 @@ interface(`logging_run_auditd',` @@ -37824,7 +37824,7 @@ index 4e94884..41a18bc 100644 + + systemd_exec_systemctl($1) + allow $1 syslogd_unit_file_t:file read_file_perms; -+ allow $1 syslog_unit_file_t:service manage_service_perms; ++ allow $1 syslogd_unit_file_t:service manage_service_perms; + + ps_process_pattern($1, syslogd_t) ') diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index c84486c5..854fb998 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -13298,7 +13298,7 @@ index 32e8265..c5a2913 100644 + allow $1 chronyd_unit_file_t:service all_service_perms; ') diff --git a/chronyd.te b/chronyd.te -index e5b621c..74e168f 100644 +index e5b621c..bc73da9 100644 --- a/chronyd.te +++ b/chronyd.te @@ -18,6 +18,9 @@ files_type(chronyd_keys_t) @@ -13329,7 +13329,7 @@ index e5b621c..74e168f 100644 allow chronyd_t chronyd_keys_t:file read_file_perms; manage_dirs_pattern(chronyd_t, chronyd_tmpfs_t, chronyd_tmpfs_t) -@@ -76,18 +83,41 @@ corenet_sendrecv_chronyd_server_packets(chronyd_t) +@@ -76,18 +83,42 @@ corenet_sendrecv_chronyd_server_packets(chronyd_t) corenet_udp_bind_chronyd_port(chronyd_t) corenet_udp_sendrecv_chronyd_port(chronyd_t) @@ -13358,6 +13358,7 @@ index e5b621c..74e168f 100644 + +optional_policy(` + dbus_system_bus_client(chronyd_t) ++') optional_policy(` gpsd_rw_shm(chronyd_t)