* Fri Aug 11 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.20-1

- Allow user_u and staff_u get attributes of non-security dirs
Resolves: rhbz#2215507
- Allow cloud_init create dhclient var files and init_t manage net_conf_t
Resolves: rhbz#2225418
- Allow samba-dcerpc service manage samba tmp files
Resolves: rhbz#2230365
- Update samba-dcerpc policy for printing
Resolves: rhbz#2230365
- Allow sysadm_t run kernel bpf programs
Resolves: rhbz#2229936
- allow mon_procd_t self:cap_userns sys_ptrace
Resolves: rhbz#2221986
- Remove nsplugin_role from mozilla.if
Resolves: rhbz#2221251
- Allow unconfined user filetrans chrome_sandbox_home_t
Resolves: rhbz#2187893
- Allow pdns name_bind and name_connect all ports
Resolves: rhbz#2047945
- Allow insights-client read and write cluster tmpfs files
Resolves: rhbz#2221631
- Allow ipsec read nsfs files
Resolves: rhbz#2230277
- Allow upsmon execute upsmon via a helper script
Resolves: rhbz#2228403
- Fix labeling for no-stub-resolv.conf
Resolves: rhbz#2148390
- Add use_nfs_home_dirs boolean for mozilla_plugin
Resolves: rhbz#2214298
- Change wording in /etc/selinux/config
Resolves: rhbz#2143153

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 94cf6f6d51ad0340d88b480d9425b3af0585d2a6
+%global commit 15ca2e1186996977543bcf88dffcb16cb6fea020
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.1.19
+Version: 38.1.20
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -809,6 +809,38 @@ exit 0
 %endif
 
 %changelog
+* Fri Aug 11 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.20-1
+- Allow user_u and staff_u get attributes of non-security dirs
+Resolves: rhbz#2215507
+- Allow cloud_init create dhclient var files and init_t manage net_conf_t
+Resolves: rhbz#2225418
+- Allow samba-dcerpc service manage samba tmp files
+Resolves: rhbz#2230365
+- Update samba-dcerpc policy for printing
+Resolves: rhbz#2230365
+- Allow sysadm_t run kernel bpf programs
+Resolves: rhbz#2229936
+- allow mon_procd_t self:cap_userns sys_ptrace
+Resolves: rhbz#2221986
+- Remove nsplugin_role from mozilla.if
+Resolves: rhbz#2221251
+- Allow unconfined user filetrans chrome_sandbox_home_t
+Resolves: rhbz#2187893
+- Allow pdns name_bind and name_connect all ports
+Resolves: rhbz#2047945
+- Allow insights-client read and write cluster tmpfs files
+Resolves: rhbz#2221631
+- Allow ipsec read nsfs files
+Resolves: rhbz#2230277
+- Allow upsmon execute upsmon via a helper script
+Resolves: rhbz#2228403
+- Fix labeling for no-stub-resolv.conf
+Resolves: rhbz#2148390
+- Add use_nfs_home_dirs boolean for mozilla_plugin
+Resolves: rhbz#2214298
+- Change wording in /etc/selinux/config
+Resolves: rhbz#2143153
+
 * Thu Aug 03 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.19-1
 - Allow qatlib to read sssd public files
 Resolves: rhbz#2080443

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-94cf6f6.tar.gz) = 1ccdff5b892aa533f01c45acd2773390f16f9c1a651ff484234ca396b6bfb91eadea806420fa5a9cda5941aac5b9bbdc6dc4ac43ebc3cb8bb11fb63ed5ee9f7d
+SHA512 (selinux-policy-15ca2e1.tar.gz) = 6c25023b673e0679e0b63de43160ab319286515e3bf6a10a2c0f619938ff0e990b801399d09783835bde21389ae4cd313d0f85da61bbb2ea62cbe48ad3528594
-SHA512 (container-selinux.tgz) = 0db53b721c6f62e8dd012ad7a1768694e2dade67e1e18936de8febca47e7589bc0962078eb358e2c690c7c6aba88dd58099320e39b8e484a7d754daa06f1abed
+SHA512 (container-selinux.tgz) = 9fa7f628877a148c4576e7d6bd5dc9bfe2592bb1e89c6796375d14d947774ddec6ae3c87f3dc46dc44a0d6319e4bcf8576440828bd767f5c6ee15f4a920627d8
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4