* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.27-1

- Allow ModemManager connect to the unconfined user domain
Resolves: rhbz#2000196
- Label /dev/wwan.+ with modem_manager_t
Resolves: rhbz#2000196
- Allow systemd-coredump userns capabilities and root mounton
Resolves: rhbz#2057435
- Allow systemd-coredump read and write usermodehelper state
Resolves: rhbz#2057435
- Allow sysadm_passwd_t to relabel passwd and group files
Resolves: rhbz#2053458
- Allow systemd-sysctl read the security state information
Resolves: rhbz#2056999
- Remove unnecessary /etc file transitions for insights-client
Resolves: rhbz#2055823
- Label all content in /var/lib/insights with insights_client_var_lib_t
Resolves: rhbz#2055823
- Update insights-client policy
Resolves: rhbz#2055823
- Update insights-client: fc pattern, motd, writing to etc
Resolves: rhbz#2055823
- Update specfile to buildrequire policycoreutils-devel >= 3.3-5
- Add modules_checksum to %files

selinux-policy.spec

@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1
+%global commit 4f11279dde0016b29017c44862fac2e12ddc55f6
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -19,11 +19,11 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 33
-%define POLICYCOREUTILSVER 3.2
+%define POLICYCOREUTILSVER 3.3-5
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.1.26
+Version: 34.1.27
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -268,6 +268,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/seusers.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
 %nil
 
 %define relabel() \
@@ -792,6 +793,30 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.27-1
+- Allow ModemManager connect to the unconfined user domain
+Resolves: rhbz#2000196
+- Label /dev/wwan.+ with modem_manager_t
+Resolves: rhbz#2000196
+- Allow systemd-coredump userns capabilities and root mounton
+Resolves: rhbz#2057435
+- Allow systemd-coredump read and write usermodehelper state
+Resolves: rhbz#2057435
+- Allow sysadm_passwd_t to relabel passwd and group files
+Resolves: rhbz#2053458
+- Allow systemd-sysctl read the security state information
+Resolves: rhbz#2056999
+- Remove unnecessary /etc file transitions for insights-client
+Resolves: rhbz#2055823
+- Label all content in /var/lib/insights with insights_client_var_lib_t
+Resolves: rhbz#2055823
+- Update insights-client policy
+Resolves: rhbz#2055823
+- Update insights-client: fc pattern, motd, writing to etc
+Resolves: rhbz#2055823
+- Update specfile to buildrequire policycoreutils-devel >= 3.3-5
+- Add modules_checksum to %files
+
 * Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.26-1
 - Remove permissive domain for insights_client_t
 Resolves: rhbz#2055823

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-0b21d4c.tar.gz) = 76c7f8ada11fcaaf91ff988e4f620fdcfb308b2d44a55c581de0273cce45a5882c7545b7ff2afdfe06dc829197cf2e9569251002bda6a1948d5b48409dec0e85
-SHA512 (container-selinux.tgz) = 7d34c2fd477cfebc34c740cad8260c7afb51e34fb0f726dd465d3136fe89d32b5683f6d8eafcaa7dac309efe39e39e6a3f06793d7d021018240cf703353b5d79
+SHA512 (selinux-policy-4f11279.tar.gz) = afb17e1cfccfb037e95d71a0804c4f2723690e65d4e06a7f2e2aaee2f1b68acb81e276b7cda139768456cd656770d3c08cc99d68b1bbca409c2cc3d5ab89b661
+SHA512 (container-selinux.tgz) = 23ec118ae5d33a536e528440f2a19c12bdbc453ba8676c5f8842e48e40f20138375437b71e6c0896e12813aca75a693806867fc08d6a710ffc560ea82b3aab65
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4