From 57458767dbcf0061568c7ff70c3561c9474932f1 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Nov 01 2022 10:54:56 +0000
Subject: * Tue Nov 01 2022 Zdenek Pytela - 37.14-1
- Allow systemd-gpt-generator raw write to a fixed disk
- Allow rotatelogs read httpd_log_t symlinks
- Add winbind-rpcd to samba_enable_home_dirs boolean
- Allow system cronjobs dbus chat with setroubleshoot
- Allow setroubleshootd read device sysctls
- Allow virt_domain read device sysctls
- Allow rhcd compute selinux access vector
- Allow insights-client manage samba var dirs
- Label ports 10161-10162 tcp/udp with snmp
- Allow aide to connect to systemd_machined with a unix socket.
- Allow samba-dcerpcd use NSCD services over a unix stream socket
- Allow vlock search the contents of the /dev/pts directory
- Allow insights-client send null signal to rpm and system cronjob
- Label port 15354/tcp and 15354/udp with opendnssec
- Allow ftpd map ftpd_var_run files
- Allow targetclid to manage tmp files
- Allow insights-client connect to postgresql with a unix socket
- Allow insights-client domtrans on unix_chkpwd execution
- Add file context entries for insights-client and rhc
- Allow pulseaudio create gnome content (~/.config)
- Allow login_userdomain dbus chat with rhsmcertd
- Allow sbd the sys_ptrace capability
- Allow ptp4l_t name_bind ptp_event_port_t
---
diff --git a/selinux-policy.spec b/selinux-policy.spec
index db68935..116bac8 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit f60ed3b80468627c2d34be7d95084ae5c6ddb342
+%global commit c0f6c3be2b0059221dfc086ceb0632ad726fa34d
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -23,8 +23,8 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 37.12
-Release: 2%{?dist}
+Version: 37.14
+Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -816,6 +816,44 @@ exit 0
 %endif
 %changelog
+* Tue Nov 01 2022 Zdenek Pytela - 37.14-1
+- Allow systemd-gpt-generator raw write to a fixed disk
+- Allow rotatelogs read httpd_log_t symlinks
+- Add winbind-rpcd to samba_enable_home_dirs boolean
+- Allow system cronjobs dbus chat with setroubleshoot
+- Allow setroubleshootd read device sysctls
+- Allow virt_domain read device sysctls
+- Allow rhcd compute selinux access vector
+- Allow insights-client manage samba var dirs
+- Label ports 10161-10162 tcp/udp with snmp
+- Allow aide to connect to systemd_machined with a unix socket.
+- Allow samba-dcerpcd use NSCD services over a unix stream socket
+- Allow vlock search the contents of the /dev/pts directory
+- Allow insights-client send null signal to rpm and system cronjob
+- Label port 15354/tcp and 15354/udp with opendnssec
+- Allow ftpd map ftpd_var_run files
+- Allow targetclid to manage tmp files
+- Allow insights-client connect to postgresql with a unix socket
+- Allow insights-client domtrans on unix_chkpwd execution
+- Add file context entries for insights-client and rhc
+- Allow pulseaudio create gnome content (~/.config)
+- Allow login_userdomain dbus chat with rhsmcertd
+- Allow sbd the sys_ptrace capability
+- Allow ptp4l_t name_bind ptp_event_port_t
+
+* Mon Oct 03 2022 Zdenek Pytela - 37.13-1
+- Remove the ipa module
+- Allow sss daemons read/write unnamed pipes of cloud-init
+- Allow postfix_mailqueue create and use unix dgram sockets
+- Allow xdm watch user home directories
+- Allow nm-dispatcher ddclient plugin load a kernel module
+- Stop ignoring standalone interface files
+- Drop cockpit module
+- Allow init map its private tmp files
+- Allow xenstored change its hard resource limits
+- Allow system_mail-t read network sysctls
+- Add bgpd sys_chroot capability
+
 * Fri Sep 23 2022 Zdenek Pytela - 37.12-2
 - Update make-rhat-patches.sh file to use the f37 dist-git branch in F37
diff --git a/sources b/sources
index 7db90fb..a4f7cb7 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-f60ed3b.tar.gz) = be057dc091cf9cedd18dedcf10025cd8af4f53f1464643276a9883c2814c91007d8c9c13eff23d5badeb9fd37cae5fb28a9c735ed0f2c3df81090254539682d8
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = d300ab419af8c16c5bcb24c35f715f83ba9e2b46320abeb6c33746d4aac6ef66448aede2ef63c7b78d5e541046b7a13b7c756854151a8bf61ce62f8d5c4404af
+SHA512 (container-selinux.tgz) = bede953b114443f7ae3fbba195b6ecbe9c7ceb6acbcabd60a68b5586e1c5323a6382ac56b54c0bcc883382cec72dd7864fa1a3acd57dc9c464c5c65601784d34
+SHA512 (selinux-policy-c0f6c3b.tar.gz) = b72b31a14232ee2b5c58475437384532b4da89cdaf3e3a01977b5e145aad81d8ebbd7396112776593b2ba9e94e85b66cee053782a3a75ccbb2b2d1a336a8117c
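Review bot: The `container-selinux.tgz` entry gets a new SHA512 in this hunk, but the archive name carries no version or commit id and none of the changelog entries in this commit mention a container-selinux refresh, so the diff alone does not show which upstream state the new hash corresponds to. The policy tarball beside it is traceable, because its name embeds the short commit `c0f6c3b`, which matches the `%global commit` value set in the spec. I would record the origin of the refreshed archive, for example with a changelog line such as `- Update container-selinux.tgz to container-selinux commit <COMMIT_PLACEHOLDER>`, or by putting the short commit into the archive name as is done for the policy tarball. A later reviewer could then rebuild the archive and compare it against the recorded hash.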