From d558c4f1c70f44e2bb51f3e910f4e1a01662acd3 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Feb 11 2021 21:08:31 +0000
Subject: * Thu Feb 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-1

- Bump version as Fedora 34 has been branched off rawhide
- Allow xdm watch its private lib dirs, /etc, /usr
- Allow systemd-importd create /run/systemd/machines.lock file
- Allow rhsmcertd_t read kpatch lib files
- Add integrity lockdown permission into dev_read_raw_memory()
- Add confidentiality lockdown permission into fs_rw_tracefs_files()
- Allow gpsd read and write ptp4l_t shared memory.
- Allow colord watch its private lib files and /usr
- Allow init watch_reads mount PID files
- Allow IPsec and Certmonger to use opencryptoki services

---

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 334e570..122eaac 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c
+%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,8 +23,8 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.14.7
-Release: 18%{?dist}
+Version: 3.14.8
+Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,6 +792,18 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-1
+- Bump version as Fedora 34 has been branched off rawhide
+- Allow xdm watch its private lib dirs, /etc, /usr
+- Allow systemd-importd create /run/systemd/machines.lock file
+- Allow rhsmcertd_t read kpatch lib files
+- Add integrity lockdown permission into dev_read_raw_memory()
+- Add confidentiality lockdown permission into fs_rw_tracefs_files()
+- Allow gpsd read and write ptp4l_t shared memory.
+- Allow colord watch its private lib files and /usr
+- Allow init watch_reads mount PID files
+- Allow IPsec and Certmonger to use opencryptoki services
+
 * Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
 - Allow lockdown confidentiality for domains using perf_event
 - define lockdown class and access
diff --git a/sources b/sources
index 3e5215b..8d60f02 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a
-SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68
+SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725
+SHA512 (container-selinux.tgz) = 67b1a06c43f0779951471c9f36b14936168c0d0f5c9c0c929a499905ab3420b77e43661a39b8ca1b9a2926a7c7b699e0da6e2f2bf88ebd737a2dd67d05fbf88c
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4