Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/selinux-policy.git#ad33d7979e1d6eb8cb76a1176222778f981b4c4e

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117
+%global commit e82ad03883fec6968f07d229ce8720dd593ee72e
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,25 +792,33 @@ exit 0
 %endif
 
 %changelog
+* Fri Feb 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-20
+- Allow userdomain watch various filesystem objects
+- Allow systemd-logind and systemd-sleep integrity lockdown permission
+- Allow unconfined_t and kprop_t to create krb5_0.rcache2 with the right context
+- Allow pulseaudio watch devices and systemd-logind session dirs
+- Allow abrt-dump-journal-* watch generic log dirs and /run/log/journal dir
+- Remove duplicate files_mounton_etc(init_t) call
+- Add watch permissions to manage_* object permissions sets
+- Allow journalctl watch generic log dirs and /run/log/journal dir
+- Label /etc/resolv.conf as net_conf_t even when it's a symlink
+- Allow SSSD to watch /var/run/NetworkManager
+- Allow dnsmasq_t to watch /etc
+- Remove unnecessary lines from the new watch interfaces
+- Fix docstring for init_watch_dir()
+- Allow xdm watch its private lib dirs, /etc, /usr
+
 * Fri Feb 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-19
-- Allow rtkit_daemon_t domain set process nice value in user namespaces
-Resolves: rhbz#1910507
-- Allow gpsd read and write ptp4l_t shared memory.
-Resolves: rhbz#1803845
-- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type
-Resolves: rhbz#1804626
-- Allow Certmonger to use opencryptoki services
-Resolves: rhbz#1894132
-- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm
-Resolves: rhbz#1815603
-- Allow rhsmcertd_t read kpatch lib files
-Resolves: rhbz#1895322
-- Allow ipsec_t connectto ipsec_mgmt_t
-Resolves: rhbz#1848355
-- Allow IPsec to use opencryptoki services
-Resolves: rhbz#1894132
+- Bump version as Fedora 34 has been branched off rawhide
+- Allow xdm watch its private lib dirs, /etc, /usr
 - Allow systemd-importd create /run/systemd/machines.lock file
-Resolves: rhbz#1788055
+- Allow rhsmcertd_t read kpatch lib files
+- Add integrity lockdown permission into dev_read_raw_memory()
+- Add confidentiality lockdown permission into fs_rw_tracefs_files()
+- Allow gpsd read and write ptp4l_t shared memory.
+- Allow colord watch its private lib files and /usr
+- Allow init watch_reads mount PID files
+- Allow IPsec and Certmonger to use opencryptoki services
 
 * Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
 - Allow lockdown confidentiality for domains using perf_event

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725
-SHA512 (container-selinux.tgz) = daf7e3b64ae56db29732e8ef08db2cfc6431fae946fc7e67c5b677067db7b23735756fd9ddc5d052c1baebd7ab8eeb6c742d09f2f6348d9b31a4e9070646882a
+SHA512 (container-selinux.tgz) = 3ef4ed4f154c1fa815e2f9fc3bcd68224b75cabbcb822c604ab5e13406315599ef30e63104dc732230e17a4dec72829de4827ad9cba0f2198b3852f151e6eea8
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2