From 2d11fcc9abd766fa03f1adbab2a8675c083d2fe2 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Oct 19 2023 15:46:31 +0000
Subject: * Thu Oct 19 2023 Zdenek Pytela <zpytela@redhat.com> - 40.4-1

- Add map_read map_write to kernel_prog_run_bpf
- Allow systemd-fstab-generator read all symlinks
- Allow systemd-fstab-generator the dac_override capability
- Allow rpcbind read network sysctls
- Support using systemd containers
- Allow sysadm_t to connect to iscsid using a unix domain stream socket
- Add policy for coreos installer
- Add coreos_installer to modules-targeted-contrib.conf

---

diff --git a/selinux-policy.spec b/selinux-policy.spec
index d1d9643..2a9b795 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 9a662e69d4fcbd46c6d1bb837b6f4d94c19f16aa
+%global commit 4c131aa69d180f74bd775c517da73b7c41c67458
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.3
+Version: 40.4
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -814,6 +814,16 @@ exit 0
 %endif
 
 %changelog
+* Thu Oct 19 2023 Zdenek Pytela <zpytela@redhat.com> - 40.4-1
+- Add map_read map_write to kernel_prog_run_bpf
+- Allow systemd-fstab-generator read all symlinks
+- Allow systemd-fstab-generator the dac_override capability
+- Allow rpcbind read network sysctls
+- Support using systemd containers
+- Allow sysadm_t to connect to iscsid using a unix domain stream socket
+- Add policy for coreos installer
+- Add coreos_installer to modules-targeted-contrib.conf
+
 * Tue Oct 17 2023 Zdenek Pytela <zpytela@redhat.com> - 40.3-1
 - Add policy for nvme-stas
 - Confine systemd fstab,sysv,rc-local
diff --git a/sources b/sources
index d05bed9..37e1eef 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-9a662e6.tar.gz) = efd53772e2f30caa51d291c35a788f088c6bdd46543c83c79fb67bc66d1043f8608b0fb1ae60f777760729cc66a3c08d06c22e89a057eb7cc74b9d33dd7608cc
-SHA512 (container-selinux.tgz) = fea921db4a9a846921ec47a233d63f80773b75b52ce13f33d72ddecc7eeb3127f199d0023920e971d73a3157bbef37da373b9d513d2a9519cfddda0246d828c5
+SHA512 (selinux-policy-4c131aa.tar.gz) = ba1c3eee258b8b054f4610179adcb37bbf9a3f1107b872926406accee6acdb007149b36f952652a74b80347ea7d574ef09cb1354b9e8b9754d8caefae2820fbc
+SHA512 (container-selinux.tgz) = 81d22300ea446a9e093aa206a2bb848ebb8227b4312afb90962bfb15133552e35d2bada0ab437d836614cb3be1afd99534b78dc8b5fc19ce08b895452a7ca626
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4