import selinux-policy-40.13.19-1.el10

.gitignore

@@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-3f0002a.tar.gz
+SOURCES/selinux-policy-14ba8a3.tar.gz

.selinux-policy.metadata

@@ -1,2 +1,2 @@
-a93d442e55a089e898204de344ea212302d626d2 SOURCES/container-selinux.tgz
-444104bed47e1d4da78a6e09764a5e42c4f757af SOURCES/selinux-policy-3f0002a.tar.gz
+4e860788a4fe3bb771ba2f0d0f7a4b934d1d7eee SOURCES/container-selinux.tgz
+e9156e9d0c01a68682e7a0f87772d6d3bba80a15 SOURCES/selinux-policy-14ba8a3.tar.gz

SPECS/selinux-policy.spec

@@ -10,7 +10,7 @@
 
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 3f0002adb63d7da7f8dcb203925b9ba6d10301c3
+%global commit 14ba8a3b89d9bc28b698d366b52d747f477d9ca9
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -22,7 +22,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.13.16
+Version: 40.13.19
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -760,6 +760,72 @@ exit 0
 
 %changelog
 ## START: Generated by rpmautospec
+* Wed Dec 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.19-1
+- Allow systemd-journald getattr nsfs files
+Resolves: RHEL-71803
+- Allow systemd-related domains getattr nsfs files
+Resolves: RHEL-71803
+
+* Fri Dec 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.18-1
+- Sync dist/targeted/modules.conf with Fedora 42
+Resolves: RHEL-70850
+- Add support for sap
+Resolves: RHEL-70850
+- Allow sssd_selinux_manager_t the setcap process permission
+Resolves: RHEL-70822
+- Allow virtqemud open svirt_devpts_t char files
+Resolves: RHEL-43446
+- Fix the cups_read_pid_files() interface to use read_files_pattern
+Resolves: RHEL-69512
+
+* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1
+- Update samba-bgqd policy
+Resolves: RHEL-69512
+- Allow samba-bgqd read cups config files
+Resolves: RHEL-69512
+- Allow virtqemud additional permissions for tmpfs_t blk devices
+Resolves: RHEL-61235
+- Allow virtqemud rw access to svirt_image_t chr files
+Resolves: RHEL-61235
+- Allow virtqemud rw and setattr access to fixed block devices
+Resolves: RHEL-61235
+- Label /etc/mdevctl.d/scripts.d with bin_t
+Resolves: RHEL-39893
+- Fix the /etc/mdevctl\.d(/.*)? regexp
+Resolves: RHEL-39893
+- Allow virtnodedev watch mdevctl config dirs
+Resolves: RHEL-39893
+- Make mdevctl_conf_t member of the file_type attribute
+Resolves: RHEL-39893
+- Label /etc/mdevctl.d with mdevctl_conf_t
+Resolves: RHEL-39893
+- Allow virtqemud relabelfrom virt_log_t files
+Resolves: RHEL-48236
+- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
+Resolves: RHEL-48236
+- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
+Resolves: RHEL-48236
+- Allow svirt_tcg_t read virtqemud_t fifo_files
+Resolves: RHEL-48236
+- Allow virtqemud rw and setattr access to sev devices
+Resolves: RHEL-69128
+- Allow virtqemud directly read and write to a fixed disk
+Resolves: RHEL-61235
+- Allow svirt_t the sys_rawio capability
+Resolves: RHEL-61235
+- Allow svirt_t the sys_rawio capability
+Resolves: RHEL-61235
+- Allow virtqemud connect to sanlock over a unix stream socket
+Resolves: RHEL-44352
+- allow gdm and iiosensorproxy talk to each other via D-bus
+Resolves: RHEL-70850
+- Allow sendmail to map mail server configuration files
+Related: RHEL-54014
+- Allow procmail to read mail aliases
+Resolves: RHEL-54014
+- Grant rhsmcertd chown capability & userdb access
+Resolves: RHEL-68481
+
 * Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1
 - Fix the file type for /run/systemd/generator
 Resolves: RHEL-68313