* Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.19-1

- Allow postfix smtpd map aliases file
- Ensure dbus communication is allowed bidirectionally
- Label systemd configuration files with systemd_conf_t
- Label /run/systemd/machine with systemd_machined_var_run_t
- Allow systemd-hostnamed read the vsock device
- Allow sysadm execute dmidecode using sudo
- Allow sudodomain list files in /var
- Allow setroubleshootd get attributes of all sysctls
- Allow various services read and write z90crypt device
- Allow nfsidmap connect to systemd-homed
- Allow sandbox_x_client_t dbus chat with accountsd
- Allow system_cronjob_t dbus chat with avahi_t
- Allow staff_t the io_uring sqpoll permission
- Allow staff_t use the io_uring API
- Add support for secretmem anon inode
- Backport /var/run change related improvements

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455
+%global commit 750db5ab9d7e074156b1daf8e2a8ecd5facc3d9b
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.13
+Version: 40.13.1
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -860,6 +860,28 @@ exit 0
 %endif
 
 %changelog
+* Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.1-1
+- Allow logwatch read logind sessions files
+Resolves: RHEL-30441
+- Allow sulogin relabel tty1
+Resolves: RHEL-30440
+- Dontaudit sulogin the checkpoint_restore capability
+Resolves: RHEL-30440
+- Allow postfix smtpd map aliases file
+Resolves: RHEL-35544
+- Ensure dbus communication is allowed bidirectionally
+Resolves: RHEL-35783
+- Allow various services read and write z90crypt device
+Resolves: RHEL-28539
+- Allow dhcpcd use unix_stream_socket
+Resolves: RHEL-33081
+- Allow xdm_t to watch and watch_reads mount_var_run_t
+Resolves: RHEL-36073
+- Allow plymouthd log during shutdown
+Resolves: RHEL-30455
+- Update rpm configuration for the /var/run equivalency change
+Resolves: RHEL-36094
+
 * Mon Feb 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13-1
 - Only allow confined user domains to login locally without unconfined_login
 - Add userdom_spec_domtrans_confined_admin_users interface

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-d9f4a2b.tar.gz) = 6abfcb82e7187b0c7c4052d6230a25717e6eb783ecc49c07314422bee138a820f3ff21e8993102f4f954fdb238c28fb94c466c1f275993de1c26db271d910a13
+SHA512 (selinux-policy-750db5a.tar.gz) = f6d0711b2789380c5daa05007f4408eff8e03f21b56791bd54228e14841a7898ff5836502d36743b754452409434fab6ce051f134b9b5fbaf777fc794c081ee0
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 6a33208ad6b3b55d254b98775ed4d1486efb5f09c144b695a852f14f28277a6ebf1de9aa6e9c579677c738cc1b0d7cff4dbdb8d38fc0602433cdf7ce551a00ed
+SHA512 (container-selinux.tgz) = bc713e3461d31f85f3fe8ad8ca9813ce1742b0bf0f0eb8712633558140f65bd765c3ce744646234925c34b4c1413f555e66f5f38636ad5b5b7cc5f1967ab4488