* Fri Apr 14 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.12-1

- Allow cloud-init domain transition to insights-client domain
Resolves: rhbz#2162663
- Allow chronyd send a message to cloud-init over a datagram socket
Resolves: rhbz#2162663
- Allow dmidecode write to cloud-init tmp files
Resolves: rhbz#2162663
- Allow login_pgm setcap permission
Resolves: rhbz#2174331
- Allow tshark the setsched capability
Resolves: rhbz#2165634
- Allow chronyc read network sysctls
Resolves: rhbz#2173604
- Allow systemd-timedated watch init runtime dir
Resolves: rhbz#2175137
- Add journalctl the sys_resource capability
Resolves: rhbz#2153782
- Allow system_cronjob_t transition to rpm_script_t
Resolves: rhbz#2173685
- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
Resolves: rhbz#2173685
- Allow insights-client tcp connect to all ports
Resolves: rhbz#2183083
- Allow insights-client work with su and lpstat
Resolves: rhbz#2183083
- Allow insights-client manage fsadm pid files
Resolves: rhbz#2183083
- Allow insights-client read all sysctls
Resolves: rhbz#2183083
- Allow rabbitmq to read network sysctls
Resolves: rhbz#2184999

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 1f00e9902fc460b1b1eedb5fbb182bdff6924e33
+%global commit 8e37504d1c611f9ab6ba12767dbad2fd8eaac343
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,8 +23,8 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.1.11
-Release: 2%{?dist}
+Version: 38.1.12
+Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -809,6 +809,38 @@ exit 0
 %endif
 
 %changelog
+* Fri Apr 14 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.12-1
+- Allow cloud-init domain transition to insights-client domain
+Resolves: rhbz#2162663
+- Allow chronyd send a message to cloud-init over a datagram socket
+Resolves: rhbz#2162663
+- Allow dmidecode write to cloud-init tmp files
+Resolves: rhbz#2162663
+- Allow login_pgm setcap permission
+Resolves: rhbz#2174331
+- Allow tshark the setsched capability
+Resolves: rhbz#2165634
+- Allow chronyc read network sysctls
+Resolves: rhbz#2173604
+- Allow systemd-timedated watch init runtime dir
+Resolves: rhbz#2175137
+- Add journalctl the sys_resource capability
+Resolves: rhbz#2153782
+- Allow system_cronjob_t transition to rpm_script_t
+Resolves: rhbz#2173685
+- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
+Resolves: rhbz#2173685
+- Allow insights-client tcp connect to all ports
+Resolves: rhbz#2183083
+- Allow insights-client work with su and lpstat
+Resolves: rhbz#2183083
+- Allow insights-client manage fsadm pid files
+Resolves: rhbz#2183083
+- Allow insights-client read all sysctls
+Resolves: rhbz#2183083
+- Allow rabbitmq to read network sysctls
+Resolves: rhbz#2184999
+
 * Tue Mar 28 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.11-2
 - rebuilt
 Resolves: rhbz#2172268

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-1f00e99.tar.gz) = 38717d8956d03e810bbe55aa58c38e90819cbe3cbc42e9095ced2dfee2381dc013db7c21df22e708d1802a031b565b675f2962d8834e95cbfad9e46a253c34e3
-SHA512 (container-selinux.tgz) = 9a6521e678d3efe3a8d94ec69edd7b8c4c39332e0c96c9f6bf57123ec926a807bac839ad5938abc7639ba454c8f6e80d6253ce11b9412320ba295128f6335ebd
+SHA512 (selinux-policy-8e37504.tar.gz) = 0c0b39f2421ca964db7b9cbbabf00000c37b1c7110bcac47eb489ca0d8e49ecca0d6cb5587e7e8897deaa941a27a6abb371e0ae75a066f105d76d9801b52ef4e
+SHA512 (container-selinux.tgz) = 994717d9350b71ab5cabc6cf08b11eec1832a7db0e6c5a78d0e36cb32f78438d84a1d0cda431d5a80e67fc1e8645f663eca65f30e023d6aca8697770556ba8b2
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4