From 3217953fb68b227faf4668199428d217880b4edb Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Jun 29 2023 09:47:37 +0000
Subject: * Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 38.20-1

- Allow httpd tcp connect to redis port conditionally
- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
- Dontaudit aide the execmem permission
- Remove permissive from fdo
- Allow sa-update manage spamc home files
- Allow sa-update connect to systemlog services
- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
- Allow nsd_crond_t write nsd_var_run_t & connectto nsd_t
- Allow bootupd search EFI directory

---

diff --git a/selinux-policy.spec b/selinux-policy.spec
index fb18c3f..cb668c8 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 53710b6d1b141a4c07e737f11ca6855252829a5b
+%global commit 10f97f8f911402735ec67cc4704c4061999bd949
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.19
+Version: 38.20
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -814,6 +814,17 @@ exit 0
 %endif
 
 %changelog
+* Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 38.20-1
+- Allow httpd tcp connect to redis port conditionally
+- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
+- Dontaudit aide the execmem permission
+- Remove permissive from fdo
+- Allow sa-update manage spamc home files
+- Allow sa-update connect to systemlog services
+- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
+- Allow nsd_crond_t write nsd_var_run_t & connectto nsd_t
+- Allow bootupd search EFI directory
+
 * Tue Jun 27 2023 Zdenek Pytela <zpytela@redhat.com> - 38.19-1
 - Change init_audit_control default value to true
 - Allow nfsidmapd connect to systemd-userdbd with a unix socket
diff --git a/sources b/sources
index 6d775d2..c0d18a9 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-53710b6.tar.gz) = 1ba54b34fa85d792a525834c0a4b3dd10b1eec1c91041af075039ffbd7d66d138a2d48f9ba7a253c63c91aa847fce2eeb338a5faba16efa0e4f1ad2d1472285a
+SHA512 (selinux-policy-10f97f8.tar.gz) = 8bfac2f650e1e6e58a5eae3759a2aa7df7d5b5d953993aa6b618df7a6d4d39f54f9528f4e6cc2b511d64a4873591895211a6741987f0c246823d7a4c65473128
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 30aa87e1bbaba2b20ab244cd41cca1068452ac4e88238b9d3400c95135e164731b817ace241f9e7a0bc99837cb917f03f1fd9ba589a88f0484fce283ed5c3e54
+SHA512 (container-selinux.tgz) = 23214fe5f085ac5d39ca1719b7e7fcb63bf8481565562aef5b2fa45650e7f516d060b207ef8b5c44f3af0039d3e3f0de01afeb2ea59d6ff08fbd34665b3d5e70