rebuild

Allow insights-client rpm named file transitions
Add /var/tmp/insights-archive to insights_client_filetrans_named_content
Use insights_client_filetrans_named_content
Make default file context match with named transitions
Allow rhsmcertd to read insights config files
Label /etc/insights-client/machine-id

Add the init_status_config_transient_files() interface
Allow transition to insights_client named content
Allow init_t to rw insights_client unnamed pipe
Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
Add the gpg_manage_admin_home_content() interface
Update insights_client_filetrans_named_content()
Add the insights_client_filetrans_named_content() interface
Update policy for insights-client to run additional commands 3
Allow insights-client get status of the systemd transient scripts
Allow insights-client execute its private memfd: objects
Update policy for insights-client to run additional commands 2
Do not call systemd_userdbd_stream_connect() for insights-client
Use insights_client_tmp_t instead of insights_client_var_tmp_t
Change space indentation to tab in insights-client
Use socket permissions sets in insights-client
Update policy for insights-client to run additional commands
Change rpm_setattr_db_files() to use a pattern
Add rpm setattr db files macro
Fix insights client
Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
Allow insights-client manage gpg admin home content
Label /var/cache/insights with insights_client_cache_t
Allow insights-client search gconf homedir
Allow insights-client create and use unix_dgram_socket
Allow insights-client create_socket_perms for tcp/udp sockets
Allow insights-client read rhnsd config files
Allow insights-client search rhnsd configuration directory

Label more vdsm utils with virtd_exec_t

Allow hostapd talk with unconfined user over unix domain dgram socket

Allow chronyd send a message to sosreport over datagram socket
Allow systemd-logind dbus chat with sosreport

Allow systemd-networkd dbus chat with sosreport
Allow sysadm_passwd_t to relabel passwd and group files
Allow confined sysadmin to use tool vipw
Allow sosreport dbus chat with abrt and timedatex
Remove unnecessary /etc file transitions for insights-client
Label all content in /var/lib/insights with insights_client_var_lib_t
Update insights-client policy
Update insights-client: fc pattern, motd, writing to etc
Remove permissive domain for insights_client_t
New policy for insight-client
Add the insights_client module
Update specfile to buildrequire policycoreutils-devel >= 2.9-19
Add modules_checksum to %files

Allow postfix_domain read dovecot certificates 1/2
Dontaudit dirsrv search filesystem sysctl directories 1/2
Allow chage domtrans to sssd
Allow postfix_domain read dovecot certificates 2/2
Allow ctdb create cluster logs
Allow alsa bind mixer controls to led triggers
Allow alsactl set group Process ID of a process
Dontaudit mdadm list dirsrv tmpfs dirs
Dontaudit dirsrv search filesystem sysctl directories 2/2
Revert "Label NetworkManager-dispatcher service with separate context"
Revert "Allow NetworkManager-dispatcher dbus chat with NetworkManager"

Allow NetworkManager-dispatcher dbus chat with NetworkManager

Fix badly indented used interfaces
Allow domain transition to sssd_t 1/2
Allow confined users to use kinit,klist and etc.
Allow login_userdomain open/read/map system journal
Allow init read stratis data symlinks 2/2
Label new utility of NetworkManager nm-priv-helper
Label NetworkManager-dispatcher service with separate context
Allow domtrans to sssd_t and role access to sssd
Creating interface sssd_run_sssd()
Allow domain transition to sssd_t 2/2
Allow timedatex dbus chat with xdm
Associate stratisd_data_t with device filesystem
Allow init read stratis data symlinks 1/2
Allow rhsmcertd create rpm hawkey logs with correct label

Allow NetworkManager talk with unconfined user over unix domain dgram socket
Allow system_mail_t read inherited apache system content rw files
Add apache_read_inherited_sys_content_rw_files() interface
Allow rhsm-service execute its private memfd: objects
Allow dirsrv read configfs files and directories
Label /run/stratisd with stratisd_var_run_t
Fix path for excluding container.if from selinux-policy-devel

Revert "Label /etc/cockpit/ws-certs.d with cert_t"

Set default file context for /sys/firmware/efi/efivars
Allow sysadm_t start and stop transient services
Label /etc/cockpit/ws-certs.d with cert_t
Allow smbcontrol read the network state information
Allow rhsm-service read/write its private memfd: objects
Allow fcoemon request the kernel to load a module
Allow radiusd connect to the radacct port
Label /var/lib/shorewall6-lite with shorewall_var_lib_t
Exclude container.if from selinux-policy-devel

Allow sysadm execute sysadmctl in sysadm_t domain using sudo
Allow local_login_t get attributes of tmpfs filesystems
Allow local_login_t get attributes of filesystems with ext attributes
Allow local_login_t domain to getattr cgroup filesystem
Allow systemd read unlabeled symbolic links
Allow userdomains use pam_ssh_agent_auth for passwordless sudo
Allow sudodomains execute passwd in the passwd domain
Label authcompat.py with authconfig_exec_t
Dontaudit pkcsslotd sys_admin capability
Allow lldpd connect to snmpd with a unix domain stream socket

Allow unconfined_t to node_bind icmp_sockets in node_t domain
Allow rhsmcertd get attributes of tmpfs_t filesystems
The nfsdcld service is now confined by SELinux
Allow smbcontrol use additional socket types
Allow lldpd use an snmp subagent over a tcp socket

Allow sysadm_t read/write pkcs shared memory segments
Allow sysadm_t connect to sanlock over a unix stream socket
Allow sysadm_t dbus chat with sssd
Allow sysadm_t set attributes on character device nodes
Allow sysadm_t read and write watchdog devices
Allow sysadm_t connect to cluster domains over a unix stream socket
Allow sysadm_t dbus chat with tuned 2/2
Update userdom_exec_user_tmp_files() with an entrypoint rule
Allow sudodomain send a null signal to sshd processes
Allow sysadm_t dbus chat with tuned 1/2
Allow cloud-init dbus chat with systemd-logind
Allow svnserve send mail from the system
Allow svnserve_t domain to read system state