Update samba-bgqd policy
69512
Allow samba-bgqd read cups config files
69512
Allow virtqemud additional permissions for tmpfs_t blk devices
61235
Allow virtqemud rw access to svirt_image_t chr files
61235
Allow virtqemud rw and setattr access to fixed block devices
61235
Label /etc/mdevctl.d/scripts.d with bin_t
39893
39893
Allow virtnodedev watch mdevctl config dirs
39893
Make mdevctl_conf_t member of the file_type attribute
39893
Label /etc/mdevctl.d with mdevctl_conf_t
39893
Allow virtqemud relabelfrom virt_log_t files
48236
Allow virtqemud_t relabel virtqemud_var_run_t sock_files
48236
Allow virtqemud relabelfrom virtqemud_var_run_t dirs
48236
Allow svirt_tcg_t read virtqemud_t fifo_files
48236
Allow virtqemud rw and setattr access to sev devices
69128
Allow virtqemud directly read and write to a fixed disk
61235
Allow svirt_t the sys_rawio capability
61235
Allow svirt_t the sys_rawio capability
61235
Allow virtqemud connect to sanlock over a unix stream socket
44352
allow gdm and iiosensorproxy talk to each other via D-bus
70850
Allow sendmail to map mail server configuration files
54014
Allow procmail to read mail aliases
54014
Grant rhsmcertd chown capability & userdb access
68481

Fix the file type for /run/systemd/generator
68313

Allow qatlib search the content of the kernel debugging filesystem
66334
Allow qatlib connect to systemd-machined over a unix socket
66334
Update policy for samba-bgqd
64908
Allow httpd get attributes of dirsrv unit files
62706
Allow virtstoraged read vm sysctls
61742
Allow virtstoraged execute mount programs in the mount domain
61742
Update policy for rpc-virtstorage
61742
Allow virtstoraged get attributes of configfs dirs
61742
Allow virt_driver_domain read virtd-lxc files in /proc
61742
Allow virtstoraged manage files with virt_content_t type
61742
Allow virtstoraged use the io_uring API
61742
Allow virtstoraged execute lvm programs in the lvm domain
61742
Allow svirt_t connect to unconfined_t over a unix domain socket
61246
Label /usr/lib/node_modules_22/npm/bin with bin_t
56350
Allow bacula execute container in the container domain
39529
Label /run/systemd/generator with systemd_unit_file_t
68313

mls/modules.conf - fix typo
Use dist/targeted/modules.conf in build workflow
Fix default and dist config files
CI: update to actions/checkout@v4
Clean up and sync securetty_types
Bring config files from dist-git into the source repo
Sync users with Fedora targeted users

Revert "Allow unconfined_t execute kmod in the kmod domain"
65190
Add policy for /usr/libexec/samba/samba-bgqd
64908
Label samba certificates with samba_cert_t
64908
Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
64908
Allow rpcd read network sysctls
64737
Label all semanage store files in /etc as semanage_store_t
65864

Bump release for October 2024 mass rebuild:
64018

Dontaudit subscription manager setfscreate and read file contexts
58009
Allow the sysadm user use the secretmem API
40953
Allow sudodomain list files in /var
58068
Allow gnome-remote-desktop watch /etc directory
35877
Allow journalctl connect to systemd-userdbd over a unix socket
58072
systemd: allow sys_admin capability for systemd_notify_t
58072
Allow some confined users send to lldpad over a unix dgram socket
61634
Allow lldpad send to sysadm_t over a unix dgram socket
61634
Allow lldpd connect to systemd-machined over a unix socket
61634

Allow ping_t read network sysctls
54299
Label /usr/lib/node_modules/npm/bin with bin_t
56350
Label /run/sssd with sssd_var_run_t
57065
Allow virtqemud read virtd_t files
57713
Allow wdmd read hardware state information
57982
Allow wdmd list the contents of the sysfs directories
57982
Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
58380
Allow dirsrv read network sysctls
58381
Allow lldpad create and use netlink_generic_socket
61634
Allow unconfined_t execute kmod in the kmod domain
61755
Confine the pcm service
52838
Allow iio-sensor-proxy the bpf capability
62355
Confine iio-sensor-proxy
62355

Confine gnome-remote-desktop
35877
Allow virtqemud get attributes of a tmpfs filesystem
40855
Allow virtqemud get attributes of cifs files
40855
Allow virtqemud get attributes of filesystems with extended attributes
39668
Allow virtqemud get attributes of NFS filesystems
40855
Add support for secretmem anon inode
40953
Allow systemd-sleep read raw disk data
49600
Allow systemd-hwdb send messages to kernel unix datagram sockets
50810
Label /run/modprobe.d with modules_conf_t
54591
Allow setsebool_t relabel selinux data files
55412
Don't audit crontab_domain write attempts to user home
56349
Differentiate between staff and sysadm when executing crontab with sudo
56349
Add crontab_admin_domtrans interface
56349
Add crontab_domtrans interface
56349
Allow boothd connect to kernel over a unix socket
58060
Fix label of pseudoterminals created from sudodomain
58068
systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
58072
Allow rsyslog read systemd-logind session files
40961
Label /dev/mmcblk0rpmb character device with removable_device_t
55265
Label /dev/hfi1_[0-9]+ devices
62836
Label /dev/papr-sysparm and /dev/papr-vpd
56908
Support SGX devices
62354
Suppress semodule's stderr
59192

Allow virtqemud relabelfrom also for file and sock_file
49763
Allow virtqemud relabel user tmp files and socket files
49763
Update virtqemud policy for libguestfs usage
49763
Label /run/libvirt/qemu/channel with virtqemud_var_run_t
47274

Add virt_create_log() and virt_write_log() interfaces
47274
Update libvirt policy
45464
49763
Allow svirt_tcg_t map svirt_image_t files
47274
Allow svirt_tcg_t read vm sysctls
47274
Additional updates stalld policy for bpf usage
50356

Add the swtpm.if interface file for interactions with other domains
47274
Allow virtproxyd create and use its private tmp files
40499
Allow virtproxyd read network state
40499
Allow virtqemud domain transition on swtpm execution
47274
49763
Allow virtqemud relabel virt_var_run_t directories
47274
45464
49763
Allow virtqemud domain transition on passt execution
45464
Allow virt_driver_domain create and use log files in /var/log
40239
Allow virt_driver_domain connect to systemd-userdbd over a unix socket
44932
44898
Update stalld policy for bpf usage
50356
Allow boothd connect to systemd-userdbd over a unix socket
45907
Allow linuxptp configure phc2sys and chronyd over a unix domain socket
46011
Allow systemd-machined manage runtime sockets
49567
Allow ip command write to ipsec's logs
41222
Allow init_t nnp domain transition to firewalld_t
52481
Update qatlib policy for v24.02 with new features
50377
Allow postfix_domain map postfix_etc_t files
46327

Allow virtnodedevd run udev with a domain transition
39890
Allow virtnodedev_t create and use virtnodedev_lock_t
39890
Allow svirt attach_queue to a virtqemud tun_socket
44312
Label /run/systemd/machine with systemd_machined_var_run_t
49567
Allow to create and delete socket files created by rhsm.service

Allow to create and delete socket files created by rhsm.service
40857
Allow svirt read virtqemud fifo files
40350
Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
37822
Allow virtqemud read virt-dbus process state
37822
Allow virtqemud run ssh client with a transition
43215
Allow virtnetworkd exec shell when virt_hooks_unconfined is on
41168
Allow NetworkManager the sys_ptrace capability in user namespace
46717
Update keyutils policy
38920
Allow ip the setexec permission
41182

Confine libvirt-dbus
37822
Allow sssd create and use io_uring
43448
Allow virtqemud the kill capability in user namespace
44996
Allow login_userdomain execute systemd-tmpfiles in the caller domain
44191
Allow virtqemud read vm sysctls
40938
Allow svirt_t read vm sysctls
40938
Allow rshim get options of the netlink class for KOBJECT_UEVENT family
40859
Allow systemd-hostnamed read the vsock device
45309
Allow systemd (PID 1) manage systemd conf files
45304
Allow journald read systemd config files and directories
45304
Allow systemd_domain read systemd_conf_t dirs
45304
Label systemd configuration files with systemd_conf_t
45304
Allow dhcpcd the kill capability
43417
Add support for libvirt hooks
41168

Bump release for June 2024 mass rebuild