* Mon Jan 17 2022 Zdenek Pytela <zpytela@redhat.com> - 35.10-1

- Allow login_userdomain watch systemd-machined PID directories
- Allow login_userdomain watch systemd-logind PID directories
- Allow login_userdomain watch accountsd lib directories
- Allow login_userdomain watch localization directories
- Allow login_userdomain watch various files and dirs
- Allow login_userdomain watch generic directories in /tmp
- Allow rhsm-service read/write its private memfd: objects
- Allow radiusd connect to the radacct port
- Allow systemd-io-bridge ioctl rpm_script_t
- Allow systemd-coredump userns capabilities and root mounton
- Allow systemd-coredump read and write usermodehelper state
- Allow login_userdomain create session_dbusd tmp socket files
- Allow gkeyringd_domain write to session_dbusd tmp socket files
- Allow systemd-logind delete session_dbusd tmp socket files
- Allow gdm-x-session write to session dbus tmp sock files
- Label /etc/cockpit/ws-certs.d with cert_t
- Allow kpropd get attributes of cgroup filesystems
- Allow administrative users the bpf capability
- Allow sysadm_t start and stop transient services
- Connect triggerin to pcre2 instead of pcre

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 84dd4309ad6d644edea2c3cf448f516f4e008c04
+%global commit b909895c58d7709343e59e24f115d5ede1f46944
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 35.9
+Version: 35.10
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -808,6 +808,28 @@ exit 0
 %endif
 
 %changelog
+* Mon Jan 17 2022 Zdenek Pytela <zpytela@redhat.com> - 35.10-1
+- Allow login_userdomain watch systemd-machined PID directories
+- Allow login_userdomain watch systemd-logind PID directories
+- Allow login_userdomain watch accountsd lib directories
+- Allow login_userdomain watch localization directories
+- Allow login_userdomain watch various files and dirs
+- Allow login_userdomain watch generic directories in /tmp
+- Allow rhsm-service read/write its private memfd: objects
+- Allow radiusd connect to the radacct port
+- Allow systemd-io-bridge ioctl rpm_script_t
+- Allow systemd-coredump userns capabilities and root mounton
+- Allow systemd-coredump read and write usermodehelper state
+- Allow login_userdomain create session_dbusd tmp socket files
+- Allow gkeyringd_domain write to session_dbusd tmp socket files
+- Allow systemd-logind delete session_dbusd tmp socket files
+- Allow gdm-x-session write to session dbus tmp sock files
+- Label /etc/cockpit/ws-certs.d with cert_t
+- Allow kpropd get attributes of cgroup filesystems
+- Allow administrative users the bpf capability
+- Allow sysadm_t start and stop transient services
+- Connect triggerin to pcre2 instead of pcre
+
 * Wed Jan 12 2022 Zdenek Pytela <zpytela@redhat.com> - 35.9-1
 - Allow sshd read filesystem sysctl files
 - Revert "Allow sshd read sysctl files"

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-84dd430.tar.gz) = 4ce18a6104ac28748f09bba2bb42e535a8a2a06e5e209cc076250acd47585f141428ffd7e82a407b93ce977275db21e9929beb96be1d9db9cbf2cd24f89092be
-SHA512 (container-selinux.tgz) = 3427c9b46b93207f5be8dd6bc0d984b18940936fa0f23bb32a2f2fc7bba3146c67373d5217998643add7ff3731d27c346ee7378c52044487350e25db9af86e60
+SHA512 (selinux-policy-b909895.tar.gz) = 5bc36dea11a47e30fa57d84297eda384cd0fdd017a2cf839b11a2966ee42abbf0df2b530620ba04a62c2ad57464eac77f8c430f1889758ae6b9580a6c84fda04
+SHA512 (container-selinux.tgz) = c1a52aca95ea6a75d26bdcea4ceb0f3bfd326d5dab2d9ec334b02a0e1d24c0e9719ca335fd5b376c7a9dfc8be052df111506e0072f0f45b59c2409a45e7e0f2b
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4