Update make-rhat-patches.sh file to use the f38 dist-git branch in F38

Confine gnome-initial-setup
Allow qemu-guest-agent create and use vsock socket
Allow login_pgm setcap permission
Allow chronyc read network sysctls
Enhancement of the /usr/sbin/request-key helper policy
Fix opencryptoki file names in /dev/shm
Allow system_cronjob_t transition to rpm_script_t
Revert "Allow system_cronjob_t domtrans to rpm_script_t"
Add tunable to allow squid bind snmp port
Allow staff_t getattr init pid chr & blk files and read krb5
Allow firewalld to rw z90crypt device
Allow httpd work with tokens in /dev/shm
Allow svirt to map svirt_image_t char files
Allow sysadm_t run initrc_t script and sysadm_r role access
Allow insights-client manage fsadm pid files

Allowing snapper to create snapshots of /home/ subvolume/partition
Add boolean qemu-ga to run unconfined script
Label systemd-journald feature LogNamespace
Add none file context for polyinstantiated tmp dirs
Allow certmonger read the contents of the sysfs filesystem
Add journalctl the sys_resource capability
Allow nm-dispatcher plugins read generic files in /proc
Add initial policy for the /usr/sbin/request-key helper
Additional support for rpmdb_migrate
Add the keyutils module

Boolean: allow qemu-ga read ssh home directory
Allow kernel_t to read/write all sockets
Allow kernel_t to UNIX-stream connect to all domains
Allow systemd-resolved send a datagram to journald
Allow kernel_t to manage and have "execute" access to all files
Fix the files_manage_all_files() interface
Allow rshim bpf cap2 and read sssd public files
Allow insights-client work with su and lpstat
Allow insights-client tcp connect to all ports
Allow nm-cloud-setup dispatcher plugin restart nm services
Allow unconfined user filetransition for sudo log files
Allow modemmanager create hardware state information files
Allow ModemManager all permissions for netlink route socket
Allow wg to send msg to kernel, write to syslog and dbus connections
Allow hostname_t to read network sysctls.
Dontaudit ftpd the execmem permission
Allow svirt request the kernel to load a module
Allow icecast rename its log files
Allow upsd to send signal to itself
Allow wireguard to create udp sockets and read net_conf
Use '
q

Pass -p 1 to '
q

Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

Allow insights client work with gluster and pcp
Add insights additional capabilities
Add interfaces in domain, files, and unconfined modules
Label fwupdoffline and fwupd-detect-cet with fwupd_exec_t
Allow sudodomain use sudo.log as a logfile
Allow pdns server map its library files and bind to unreserved ports
Allow sysadm_t read/write ipmi devices
Allow prosody manage its runtime socket files
Allow kernel threads manage kernel keys
Allow systemd-userdbd the sys_resource capability
Allow systemd-journal list cgroup directories
Allow apcupsd dbus chat with systemd-logind
Allow nut_domain manage also files and sock_files in /var/run
Allow winbind-rpcd make a TCP connection to the ldap port
Label /usr/lib/rpm/rpmdb_migrate with rpmdb_exec_t
Allow tlp read generic SSL certificates
Allow systemd-resolved watch tmpfs directories
Revert "Allow systemd-resolved watch tmpfs directories"

Allow NetworkManager and wpa_supplicant the bpf capability
Allow systemd-rfkill the bpf capability
Allow winbind-rpcd manage samba_share_t files and dirs
Allow gpsd the sys_ptrace userns capability
Introduce gpsd_tmp_t for sockfiles managed by gpsd_t
Allow load_policy_t write to unallocated ttys
Allow ndc read hardware state information
Allow system mail service read inherited certmonger runtime files
Add lpr_roles to system_r roles
Revert "Allow insights-client run lpr and allow the proper role"
Allow stalld to read /sys/kernel/security/lockdown file
Allow keepalived to set resource limits
Add policy for mptcpd
Add policy for rshim
Allow admin users to create user namespaces
Allow journalctl relabel with var_log_t and syslogd_var_run_t files
Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted
Trim changelog so that it starts at F35 time
Add mptcpd and rshim modules

Allow insights-client dbus chat with various services
Allow insights-client tcp connect to various ports
Allow insights-client run lpr and allow the proper role
Allow insights-client work with pcp and manage user config files
Allow redis get user names
Allow kernel threads to use fds from all domains
Allow systemd-modules-load load kernel modules
Allow login_userdomain watch systemd-passwd pid dirs
Allow insights-client dbus chat with abrt
Grant kernel_t certain permissions in the system class
Allow systemd-resolved watch tmpfs directories
Allow systemd-timedated watch init runtime dir
Make `bootc` be `install_exec_t`
Allow systemd-coredump create user_namespace
Allow syslog the setpcap capability
donaudit virtlogd and dnsmasq execmem

Don't make kernel_t an unconfined domain
Don't allow kernel_t to execute bin_t/usr_t binaries without a transition
Allow kernel_t to execute systemctl to do a poweroff/reboot
Grant basic permissions to the domain created by systemd_systemctl_domain()
Allow kernel_t to request module loading
Allow kernel_t to do compute_create
Allow kernel_t to manage perf events
Grant almost all capabilities to kernel_t
Allow kernel_t to fully manage all devices
Revert "In domain_transition_pattern there is no permission allowing caller domain to execu_no_trans on entrypoint, this patch fixing this issue"
Allow pulseaudio to write to session_dbusd tmp socket files
Allow systemd and unconfined_domain_type create user_namespace
Add the user_namespace security class
Reuse tmpfs_t also for the ramfs filesystem
Label udf tools with fsadm_exec_t
Allow networkmanager_dispatcher_plugin work with nscd
Watch_sb all file type directories.
Allow spamc read hardware state information files
Allow sysadm read ipmi devices
Allow insights client communicate with cupsd, mysqld, openvswitch, redis
Allow insights client read raw memory devices
Allow the spamd_update_t domain get generic filesystem attributes
Dontaudit systemd-gpt-generator the sys_admin capability
Allow ipsec_t only read tpm devices
Allow cups-pdf connect to the system log service
Allow postfix/smtpd read kerberos key table
Allow syslogd read network sysctls
Allow cdcc mmap dcc-client-map files
Add watch and watch_sb dosfs interface

Revert "Allow sysadm_t read raw memory devices"
Allow systemd-socket-proxyd get attributes of cgroup filesystems
Allow rpc.gssd read network sysctls
Allow winbind-rpcd get attributes of device and pty filesystems
Allow insights-client domain transition on semanage execution
Allow insights-client create gluster log dir with a transition
Allow insights-client manage generic locks
Allow insights-client unix_read all domain semaphores
Add domain_unix_read_all_semaphores() interface
Allow winbind-rpcd use the terminal multiplexor
Allow mrtg send mails
Allow systemd-hostnamed dbus chat with init scripts
Allow sssd dbus chat with system cronjobs
Add interface to watch all filesystems
Add watch_sb interfaces
Add watch interfaces
Allow dhcpd bpf capability to run bpf programs
Allow netutils and traceroute bpf capability to run bpf programs
Allow pkcs_slotd_t bpf capability to run bpf programs
Allow xdm bpf capability to run bpf programs
Allow pcscd bpf capability to run bpf programs
Allow lldpad bpf capability to run bpf programs
Allow keepalived bpf capability to run bpf programs
Allow ipsec bpf capability to run bpf programs
Allow fprintd bpf capability to run bpf programs
Allow systemd-socket-proxyd get filesystems attributes
Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files

Allow rotatelogs read httpd_log_t symlinks
Add winbind-rpcd to samba_enable_home_dirs boolean
Allow system cronjobs dbus chat with setroubleshoot
Allow setroubleshootd read device sysctls
Allow virt_domain read device sysctls
Allow rhcd compute selinux access vector
Allow insights-client manage samba var dirs
Label ports 10161-10162 tcp/udp with snmp
Allow aide to connect to systemd_machined with a unix socket.
Allow samba-dcerpcd use NSCD services over a unix stream socket
Allow vlock search the contents of the /dev/pts directory
Allow insights-client send null signal to rpm and system cronjob
Label port 15354/tcp and 15354/udp with opendnssec
Allow ftpd map ftpd_var_run files
Allow targetclid to manage tmp files
Allow insights-client connect to postgresql with a unix socket
Allow insights-client domtrans on unix_chkpwd execution
Add file context entries for insights-client and rhc
Allow pulseaudio create gnome content (~/.config)
Allow login_userdomain dbus chat with rhsmcertd
Allow sbd the sys_ptrace capability
Allow ptp4l_t name_bind ptp_event_port_t

Remove the ipa module
Allow sss daemons read/write unnamed pipes of cloud-init
Allow postfix_mailqueue create and use unix dgram sockets
Allow xdm watch user home directories
Allow nm-dispatcher ddclient plugin load a kernel module
Stop ignoring standalone interface files
Drop cockpit module
Allow init map its private tmp files
Allow xenstored change its hard resource limits
Allow system_mail-t read network sysctls
Add bgpd sys_chroot capability