From d504b523d0954ba3fae9a081ddf52e60a3150d26 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Fri, 11 Aug 2023 18:37:49 +0200
Subject: [PATCH] * Fri Aug 11 2023 Nikola Knazekova <nknazeko@redhat.com> -
 38.1.20-1 - Allow user_u and staff_u get attributes of non-security dirs
 Resolves: rhbz#2215507 - Allow cloud_init create dhclient var files and
 init_t manage net_conf_t Resolves: rhbz#2225418 - Allow samba-dcerpc service
 manage samba tmp files Resolves: rhbz#2230365 - Update samba-dcerpc policy
 for printing Resolves: rhbz#2230365 - Allow sysadm_t run kernel bpf programs
 Resolves: rhbz#2229936 - allow mon_procd_t self:cap_userns sys_ptrace
 Resolves: rhbz#2221986 - Remove nsplugin_role from mozilla.if Resolves:
 rhbz#2221251 - Allow unconfined user filetrans chrome_sandbox_home_t
 Resolves: rhbz#2187893 - Allow pdns name_bind and name_connect all ports
 Resolves: rhbz#2047945 - Allow insights-client read and write cluster tmpfs
 files Resolves: rhbz#2221631 - Allow ipsec read nsfs files Resolves:
 rhbz#2230277 - Allow upsmon execute upsmon via a helper script Resolves:
 rhbz#2228403 - Fix labeling for no-stub-resolv.conf Resolves: rhbz#2148390 -
 Add use_nfs_home_dirs boolean for mozilla_plugin Resolves: rhbz#2214298 -
 Change wording in /etc/selinux/config Resolves: rhbz#2143153

---
 selinux-policy.spec | 36 ++++++++++++++++++++++++++++++++++--
 sources             |  4 ++--
 2 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 5a90157a..b16ae974 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 94cf6f6d51ad0340d88b480d9425b3af0585d2a6
+%global commit 15ca2e1186996977543bcf88dffcb16cb6fea020
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.1.19
+Version: 38.1.20
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -809,6 +809,38 @@ exit 0
 %endif
 
 %changelog
+* Fri Aug 11 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.20-1
+- Allow user_u and staff_u get attributes of non-security dirs
+Resolves: rhbz#2215507
+- Allow cloud_init create dhclient var files and init_t manage net_conf_t
+Resolves: rhbz#2225418
+- Allow samba-dcerpc service manage samba tmp files
+Resolves: rhbz#2230365
+- Update samba-dcerpc policy for printing
+Resolves: rhbz#2230365
+- Allow sysadm_t run kernel bpf programs
+Resolves: rhbz#2229936
+- allow mon_procd_t self:cap_userns sys_ptrace
+Resolves: rhbz#2221986
+- Remove nsplugin_role from mozilla.if
+Resolves: rhbz#2221251
+- Allow unconfined user filetrans chrome_sandbox_home_t
+Resolves: rhbz#2187893
+- Allow pdns name_bind and name_connect all ports
+Resolves: rhbz#2047945
+- Allow insights-client read and write cluster tmpfs files
+Resolves: rhbz#2221631
+- Allow ipsec read nsfs files
+Resolves: rhbz#2230277
+- Allow upsmon execute upsmon via a helper script
+Resolves: rhbz#2228403
+- Fix labeling for no-stub-resolv.conf
+Resolves: rhbz#2148390
+- Add use_nfs_home_dirs boolean for mozilla_plugin
+Resolves: rhbz#2214298
+- Change wording in /etc/selinux/config
+Resolves: rhbz#2143153
+
 * Thu Aug 03 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.19-1
 - Allow qatlib to read sssd public files
 Resolves: rhbz#2080443
diff --git a/sources b/sources
index 50ec68b3..ba909c3d 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-94cf6f6.tar.gz) = 1ccdff5b892aa533f01c45acd2773390f16f9c1a651ff484234ca396b6bfb91eadea806420fa5a9cda5941aac5b9bbdc6dc4ac43ebc3cb8bb11fb63ed5ee9f7d
-SHA512 (container-selinux.tgz) = 0db53b721c6f62e8dd012ad7a1768694e2dade67e1e18936de8febca47e7589bc0962078eb358e2c690c7c6aba88dd58099320e39b8e484a7d754daa06f1abed
+SHA512 (selinux-policy-15ca2e1.tar.gz) = 6c25023b673e0679e0b63de43160ab319286515e3bf6a10a2c0f619938ff0e990b801399d09783835bde21389ae4cd313d0f85da61bbb2ea62cbe48ad3528594
+SHA512 (container-selinux.tgz) = 9fa7f628877a148c4576e7d6bd5dc9bfe2592bb1e89c6796375d14d947774ddec6ae3c87f3dc46dc44a0d6319e4bcf8576440828bd767f5c6ee15f4a920627d8
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4