From 4a6ce4bf1f0e432b295a19c237893888888cf743 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mar 03 2023 16:49:15 +0000
Subject: * Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1

- Confine gnome-initial-setup
- Allow qemu-guest-agent create and use vsock socket
- Allow login_pgm setcap permission
- Allow chronyc read network sysctls
- Enhancement of the /usr/sbin/request-key helper policy
- Fix opencryptoki file names in /dev/shm
- Allow system_cronjob_t transition to rpm_script_t
- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
- Add tunable to allow squid bind snmp port
- Allow staff_t getattr init pid chr & blk files and read krb5
- Allow firewalld to rw z90crypt device
- Allow httpd work with tokens in /dev/shm
- Allow svirt to map svirt_image_t char files
- Allow sysadm_t run initrc_t script and sysadm_r role access
- Allow insights-client manage fsadm pid files

---

diff --git a/selinux-policy.spec b/selinux-policy.spec
index acbd370..97ec688 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit fe62ff64ca224f40cffb1ebe12e282a6d101e2b9
+%global commit bc228bd0c249a9e4aa3dcf238c2b1bb138943b07
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.7
+Version: 38.8
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -813,6 +813,23 @@ exit 0
 %endif
 
 %changelog
+* Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1
+- Confine gnome-initial-setup
+- Allow qemu-guest-agent create and use vsock socket
+- Allow login_pgm setcap permission
+- Allow chronyc read network sysctls
+- Enhancement of the /usr/sbin/request-key helper policy
+- Fix opencryptoki file names in /dev/shm
+- Allow system_cronjob_t transition to rpm_script_t
+- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
+- Add tunable to allow squid bind snmp port
+- Allow staff_t getattr init pid chr & blk files and read krb5
+- Allow firewalld to rw z90crypt device
+- Allow httpd work with tokens in /dev/shm
+- Allow svirt to map svirt_image_t char files
+- Allow sysadm_t run initrc_t script and sysadm_r role access
+- Allow insights-client manage fsadm pid files
+
 * Wed Feb 08 2023 Zdenek Pytela <zpytela@redhat.com> - 38.7-1
 - Allowing snapper to create snapshots of /home/ subvolume/partition
 - Add boolean qemu-ga to run unconfined script
@@ -846,8 +863,8 @@ exit 0
 - Allow icecast rename its log files
 - Allow upsd to send signal to itself
 - Allow wireguard to create udp sockets and read net_conf
-- Use %autosetup instead of %setup
-- Pass -p 1 to %autosetup
+- Use '%autosetup' instead of '%setup'
+- Pass -p 1 to '%autosetup'
 
 * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
diff --git a/sources b/sources
index 155b3ed..b174766 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-fe62ff6.tar.gz) = 175f8fdb9954b032dbb24668b3df77a423bd49b26b502b547e2a11dcb85999a14249a2cb9222aab641d07eb1532bcb8984565fb5232b519f46c176aff34865ff
-SHA512 (container-selinux.tgz) = 54093a9a8a524e13388ecfc55679121fe18a3588c655fb7d326b226a21ae0b6dbc1aa9cb5ad10ab6149bd88326b2312c3522d22f41c8be151b68ab9a08d31bbe
+SHA512 (selinux-policy-bc228bd.tar.gz) = 4966196ed89433ea0d146719bfcfa970c774d360ed45a413973851a0aaae940b8a16277a972852b7ff4df1d07bbc1ee012ff705c861ec62ecc3ae0d9efaad832
+SHA512 (container-selinux.tgz) = 3402d47f99449a7ea83ae7588e7506f72c7a85f9772d3133a62a165e883c216fe5b8c6d658f9f982fabc00788647dbd57684a69e287cba7d8e2ff2227f69c042
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4