Allow apcupsd cgi scripts read /sys
Allow named and ndc the io_uring sqpoll permission
Allow sssd io_uring sqpoll permission

Allow exim read network sysctls
Allow kernel to manage its own BPF objects
Allow plymouthd read/write X server miscellaneous devices
Allow blueman send general signals to unprivileged user domains
Allow logwatch_mail_t read network sysctls

Trim changelog so that it starts at F36 time

Allow rpmdb_migrate execute rpmdb
Allow logrotate dbus chat with systemd-hostnamed
Allow modemmanager create hardware state information files
Allow ModemManager all permissions for netlink route socket
Add journalctl the sys_resource capability

Allow mongodb read filesystem sysctls
Allow mongodb read network sysctls
Allow blueman watch generic device dirs
Allow nm-dispatcher tlp plugin create tlp dirs
Allow systemd-coredump mounton /usr
Allow system_cronjob_t transition to rpm_script_t
Revert "Allow system_cronjob_t domtrans to rpm_script_t"
Allow systemd-resolved send a datagram to journald

Allow systemd-userdbd the sys_resource capability
Additional support for rpmdb_migrate
Allow nm-cloud-setup dispatcher plugin restart nm services
Dontaudit ftpd the execmem permission
Allow icecast rename its log files
Allow systemd-rfkill the bpf capability

Allow apcupsd dbus chat with systemd-logind
Allow nut_domain manage also files and sock_files in /var/run
Label /usr/lib/rpm/rpmdb_migrate with rpmdb_exec_t
Allow tlp read generic SSL certificates
Allow systemd-resolved watch tmpfs directories
Revert "Allow systemd-resolved watch tmpfs directories"
Allow stalld to read /sys/kernel/security/lockdown file

Allow gpsd the sys_ptrace userns capability
Introduce gpsd_tmp_t for sockfiles managed by gpsd_t
Allow ndc read hardware state information
Allow journalctl relabel with var_log_t and syslogd_var_run_t files
Allow systemd-resolved watch tmpfs directories
Allow systemd-timedated watch init runtime dir
donaudit virtlogd and dnsmasq execmem
Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted
Trim changelog so that it starts at F35 time

Reuse tmpfs_t also for the ramfs filesystem
Allow spamc read hardware state information files
Dontaudit systemd-gpt-generator the sys_admin capability
Allow syslogd read network sysctls

Revert "Allow sysadm_t read raw memory devices"
Allow systemd-socket-proxyd get attributes of cgroup filesystems
Allow rpc.gssd read network sysctls
Allow winbind-rpcd get attributes of device and pty filesystems
Allow insights-client domain transition on semanage execution
Allow insights-client create gluster log dir with a transition
Allow insights-client manage generic locks
Allow insights-client unix_read all domain semaphores
Add domain_unix_read_all_semaphores() interface
Allow winbind-rpcd use the terminal multiplexor
Allow mrtg send mails
Allow systemd-hostnamed dbus chat with init scripts
Allow sssd dbus chat with system cronjobs
Add interface to watch all filesystems
Add watch_sb interfaces
Add watch interfaces
Allow dhcpd bpf capability to run bpf programs
Allow netutils and traceroute bpf capability to run bpf programs
Allow pkcs_slotd_t bpf capability to run bpf programs
Allow xdm bpf capability to run bpf programs
Allow pcscd bpf capability to run bpf programs
Allow lldpad bpf capability to run bpf programs
Allow keepalived bpf capability to run bpf programs
Allow ipsec bpf capability to run bpf programs
Allow fprintd bpf capability to run bpf programs
Allow systemd-socket-proxyd get filesystems attributes
Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files

Allow systemd-gpt-generator raw write to a fixed disk
Allow rotatelogs read httpd_log_t symlinks
Add winbind-rpcd to samba_enable_home_dirs boolean
Allow system cronjobs dbus chat with setroubleshoot
Allow setroubleshootd read device sysctls
Allow virt_domain read device sysctls
Allow rhcd compute selinux access vector
Allow insights-client manage samba var dirs
Label ports 10161-10162 tcp/udp with snmp
Allow aide to connect to systemd_machined with a unix socket.
Allow samba-dcerpcd use NSCD services over a unix stream socket
Allow vlock search the contents of the /dev/pts directory
Allow insights-client send null signal to rpm and system cronjob
Label port 15354/tcp and 15354/udp with opendnssec
Allow ftpd map ftpd_var_run files
Allow targetclid to manage tmp files
Allow insights-client connect to postgresql with a unix socket
Allow insights-client domtrans on unix_chkpwd execution
Add file context entries for insights-client and rhc
Allow pulseaudio create gnome content (~/.config)
Allow login_userdomain dbus chat with rhsmcertd
Allow sbd the sys_ptrace capability
Allow ptp4l_t name_bind ptp_event_port_t

Remove the ipa module
Allow sss daemons read/write unnamed pipes of cloud-init
Allow postfix_mailqueue create and use unix dgram sockets
Allow xdm watch user home directories
Allow nm-dispatcher ddclient plugin load a kernel module
Stop ignoring standalone interface files
Drop cockpit module
Allow init map its private tmp files
Allow xenstored change its hard resource limits
Allow system_mail-t read network sysctls
Add bgpd sys_chroot capability

Update make-rhat-patches.sh file to use the f37 dist-git branch in F37

nut-upsd: kernel_read_system_state, fs_getattr_cgroup
Add numad the ipc_owner capability
Allow gst-plugin-scanner read virtual memory sysctls
Allow init read/write inherited user fifo files
Update dnssec-trigger policy: setsched, module_request
added policy for systemd-socket-proxyd
Add the new 'cmd' permission to the 'io_uring' class
Allow winbind-rpcd read and write its key ring
Label /run/NetworkManager/no-stub-resolv.conf net_conf_t
Fix typo in comment
Do not run restorecon /etc/NetworkManager/dispatcher.d in mls and minimum

Allow tor get filesystem attributes
Allow utempter append to login_userdomain stream
Allow login_userdomain accept a stream connection to XDM
Allow login_userdomain write to boltd named pipes
Allow staff_u and user_u users write to bolt pipe
Allow login_userdomain watch various directories
Update rhcd policy for executing additional commands 5
Update rhcd policy for executing additional commands 4
Allow rhcd create rpm hawkey logs with correct label
Allow systemd-gpt-auto-generator to check for empty dirs
Update rhcd policy for executing additional commands 3
Allow journalctl read rhcd fifo files
Update insights-client policy for additional commands execution 5
Allow init remount all file_type filesystems
Confine insights-client systemd unit
Update insights-client policy for additional commands execution 4
Allow pcp pmcd search tracefs and acct_data dirs
Allow httpd read network sysctls
Dontaudit domain map permission on directories
Revert "Allow X userdomains to mmap user_fonts_cache_t dirs"
Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)"
Update insights-client policy for additional commands execution 3
Allow systemd permissions needed for sandboxed services
Add rhcd module
Make dependency on rpm-plugin-selinux unordered

Allow ipsec_t read/write tpm devices
Allow rhcd execute all executables
Update rhcd policy for executing additional commands 2
Update insights-client policy for additional commands execution 2
Allow sysadm_t read raw memory devices
Allow chronyd send and receive chronyd/ntp client packets
Allow ssh client read kerberos homedir config files
Label /var/log/rhc-worker-playbook with rhcd_var_log_t
Update insights-client policy (auditctl, gpg, journal)
Allow system_cronjob_t domtrans to rpm_script_t
Allow smbd_t process noatsecure permission for winbind_rpcd_t
Update tor_bind_all_unreserved_ports interface
Allow chronyd bind UDP sockets to ptp_event ports.
Allow unconfined and sysadm users transition for /root/.gnupg
Add gpg_filetrans_admin_home_content() interface
Update rhcd policy for executing additional commands
Update insights-client policy for additional commands execution
Add userdom_view_all_users_keys() interface
Allow gpg read and write generic pty type
Allow chronyc read and write generic pty type
Allow system_dbusd ioctl kernel with a unix stream sockets
Allow samba-bgqd to read a printer list
Allow stalld get and set scheduling policy of all domains.
Allow unconfined_t transition to targetclid_home_t