From 45c7c330366c41a5e6e4bca4f650fba6f850b078 Mon Sep 17 00:00:00 2001
From: anolis-bot <sam.zyc@alibaba-inc.com>
Date: Thu, 10 Nov 2022 20:38:38 +0800
Subject: [PATCH 1/2] update to selinux-policy-3.14.3-108.el8

Signed-off-by: anolis-bot <sam.zyc@alibaba-inc.com>
---
 container-selinux.tgz | Bin 11580 -> 11583 bytes
 dist                  |   2 +-
 download              |   4 +-
 selinux-policy.spec   | 274 +++++++++++++++++++++++++++++++++---------
 4 files changed, 217 insertions(+), 63 deletions(-)

diff --git a/container-selinux.tgz b/container-selinux.tgz
index a694d514ab986acce5087c9addb932f9ece848c7..bd2f5f8287d12b33dd3a0451fc065f656cd532c2 100644
GIT binary patch
literal 11583
zcmV-FEx^(riwFP!000001MPiVkK9Odu3pu@f{+H7?uFDXwKUqbG+tvdW5C8awg<Zl
zzj%CV*(9rq+bohpvbxnP$iLkgdB0ysmZld+h0#<s8S&*kGa@oFvgq0=uiI+4thY~2
z^m&Co@7}(J@7KTm?v?zFKHt50_uJP`UcY_w>fM{~-o1T&{p8i_H*elvKgnL5Dns(;
zI8OPHWl#RrKTK7VJLy92|4u*8pJ(5X$HO5X9)ADleU){6)xI3N<4{yt-uF#i<Wt?X
zS;6{AR<%3yefj+rV>>&09{D+wQ$v3|{pXKWahxg%y>7E<FFz=|1Nw1^S+6AC?E5|+
z@<Z0<hw2}n5vpguH&XZ!zsT~Y>F%pCo4RZo@^-ADP&UvjjEa7r)$LRb+q|gG|H5;#
z8IJ8#AF2&X5956M;xA`UcU8L?s$Y)vfN0O2KAj$VsRW#7dSQ83p&HmsA3R)#emi1{
zZ!gZyo)+Cu6^C*&R{2ouH#c>A{>|%)v!^UWn?9dVzTv4mIoq2Ff#6!Qz01CN{eD|-
zyUn(4s%)$#l*sVm405z$+tcLCKEPg(R*vrqPm{XBQ&(5e5*WIsvcUflJ?7wfQB>m?
zLItEE@2`U04Sgr|H0V!7laFIo-W*5NU~RcMj62bZT>Y7JCdgOz&2<LwqXVDxm2Y0#
zUcc8;g+xy=NuWGD+8F{yT1uPoiNHI|i@e2@-r;?*Y+(Me%1d0o{m?-#&d>^ps=wQs
zBXXso7%^HLm5s8x!P!e49=Mi!G+mN12ByuWRr)8~j8gqI^-WfyY!*{D)YX{Kc~4W3
zw4b4D#Z=^7J^-nxNXulvY2Kr9W)vU&-1OCO7!e~ZB_m6iQsYj(@~ZOKsv3{cFImx!
zIfL`9F<q$DjhpsYuV_3uKnZbnW>vSdk3PlV<h6b3;8<Uv&c}T|RFA3FafagSeISBm
zOuaYtI6?1r&e#mf`Y@*9;t-nlb`i>&&CkSRtSUT~Zonj0s4Swx#CHd~>a(CzsDPeV
zQ5_^1E!bHS5Epfvf6Lo^S3T01<A5{wnCA|f!$q?P#rRd{4@WnEs(D<!0CKc)C!qKX
zx<P!^8x{WtEWUwmHTG3eZ);Rjq((vStPI%|*Fs6gC-5&+d`~FQE*-Tl#r9M^9{t+Z
zyT>*2kvzp$BBdAB!`tHx>dw_vjj6-IHx;pDY|lIc%E*l6kuL*r{Ok6L$D_QkW#UBY
zOGLAW6qwkR?4*j2(Snbv^`cvj)E{rRh}NMTmPhd|<HK0DRUVW5MVhbXH;qSp_;R)S
z*eqMpoE2NU=~I@c=1)4){D3q$u!7(G71j3$TM)U_6ety?IUa!JzMl43jtGwvs^O_F
z@P>-Cy?}&1pvxs`upjC>NCzmtV1sJNG#4Alg#{lrig8i8EtW?~rGN-q;95#aitujm
zZj~b`vXf<`byLyg%9Qlr|If0nhx*T(e|$C#M^_PnR7>`zs@q*uvi2du*7NAiW9tC%
z?et26;G1jo?+yC*c3peZPyhPkBUxv$b)~P%G#P0)wvGu0L5&IaT?}M>xcV-}SPgfp
zxJRtCC+^rrdKjnbP)tqoZngIA*w&M#!w~F}s+%k!(poi;4^`8F?HScnjrtRL!?<XB
zQWpl)rsH^DLKX;_WnV?g!h7uYz`F$BSqX5_oMg<TLH=aiUvT>okKep4v-_d8*%uDg
z0WDd-{%F2Ob#$1ulk4?HK%g1HW_7=)HvLANyzi^F1Ugs_ADLc4GKc$Ttn4e*v0(Pe
zzNYA#*njm3&oZt5sxx3eJ)}xYnTGGI-Yn7i<2a(>Jw4!+C_^8uezoc?tGj-}x&_ce
z4Z*jiD>K6P#h%nCbZ3<Ooc?UqE__Iz7QL8AII6vDs@f@~j^Sgb<f&`SkW}A77=rZ6
z4b3G~e?<MuvX!gnd+e6ltESu89?JrU_G;f9BqW>hF1RtK5!~J#%mmAP%6VFHPopE5
zicie{%OT_d$&2h6e|L%ao?XnwDZAo!KFEl;H%5-&=^Qkqw8=Oxi>5}MXg(4t+X^|E
zRW}5qE9TX#mV+@GL+N@9=N5InmkJn0LqlbU^e8-JTzGgmF`VXOp=5-OTwj5x667sV
z2#2j_v`&W_WqVmhjCM&zu=K8(7%v+%$B&Z%<${qm#$3%CpQi{gjuxr!y4r06GoX~Y
zWH>3WV$#{xyUVJ*TNiiVjnlY3BsO}iiaJzd*W6t~J*)&w+G<2%-c9$hTB{N$YMb}t
zzFVzo2`Xrvs{(dN#c%S5Q((TV4@d`HxBLtm{ZmK(YS7mw0X<<|T#L%^fJ+kD;{K3`
z6;t+9$cXk&g!H$2D%c6i9M{gNohYBWL(L=|q)QG+pW5W*p>9dmz^m7_p0d0Xq)Yx{
z)n4vi@aNZP3TD9kYWUI7*?)fsh_M!51DZMh;@Q&uqpoe)CJEQ7p*LlDc5Lg9**GDc
z`+!xOYWmeJMI<+%P(!X~A9IUorhp}0&B-ilyz9JM6m-0ErvF%--8e}&-?OdyOz{_8
z#at<Myg&W)gUG}9n0sGeME5|T1(N{!irw7d4T5>!Lj|zpNCjjx)u~%<D`q>0!x7~r
zquIw>EqG?HQNl<K!~4MMG26R(=-NY)(d|T5W60;y9UbT9JZmuj7LaLeD{dVxcGl;G
z?kwjtbNjXu*pawTS&y2nK)tWtwRuAZYWDd<+NKUl3@`3}zdOHMgbzXTeQ=M306*Q%
z)cB$LBLGM%0XH-GaQ<BsJ1xF6GpHMXK5nT4g?ISaUL7JcH|l(;umsMYGM|D?-!*md
zfCmWMex&=2NDOT!=I44Ly$@_pe!KR5@+Ln{dwN{d*i^<ZAK9^5oZpmF_n1MMY@{MD
zJWVel8IPAah}#=#>4E1HEeos`qMKvU8D|OM1fn>p=f^7%;nJrI<>n~pn<JWtqeZ1C
z5n0EKeV0C9EUhU-CboTvs^F$Ow&jQi3^;79GnWycGY-EXIDp9F0&fQk0mSK`(#Lhy
zw*5xTxvMxm<n4ncS-Omn>On#*TH}U?zC$%YWZ!yRH*&|y!8Js7=f-RB$&7@Kco2z{
zNNY&hB0Dnb;cx-Q9`p0@Ca3k>t&|<@wFk+1o=3||9Fp}AgFw<>b0j|$_bs*}!COz3
zOb1L!+%&eUbPq~LwW}V8TBY-so?NMZb1rGu&MW(zNUZF!FI96naT$PoD0W@lr_3)8
z^WctAf>M)g9KZIm4P}oBQi2T;fv_Z)W)&~?kw*3bmnveG*mfZI+~i|jsB0=aTh8h^
zZYAx9YFmG_)ay_91x^lHPoTN$6%BwMHmV(AxX^<QBeB*mgsQ4<RH0hs_eJ0GSu$*V
zl7A2hqeO=AW_SU=kRrJmSTkeRZ(iH&hCF8q2yHiDl3rm{^%bia^z0lSUGPWa@#e1^
zG$j@LyxrmD>45cCjSR3|G-pq5!6@F)o=x(GJ2(T8--AXCy@xX&8fs-Hu>rbG(IBZa
zZwt=ODX_nvjRXYKZh$#|$nU{%6!ogAM3et`%RsPj3A12}bm@93_Uwf)MYK5gU}ZRr
zJNo*|4zI^GtmY1<lMW;ISmDXKdpm5RiT=Bp@?lp^ayJ{GhZ9|2ds&RIT!D2KC04S>
z?&0X|^=rCs=VT>7S}JyW%=-F^9u@K|boU#`i$|wXmO0G|FX9U#oVwjtP*}w%w!&t}
z-(A2-*nmV5X@u#EQPOkL@N<E&ON9`BuXVCT#b>R+Q~Ccd)FUgpH`F7qpXdOOdjC1M
z1bCEC*Rrco$VY5YV}*{jsY%1jzJGP{J#2Ldt`z^5r*t`0D?u6`Z~W)i-@SVG`i&X?
z`Q6v}&tKw0_Nq3Au0(?BIqwZGvg^y&zx#*FSEy5K!+}gYWQQsnx^C)jQ|FDd=h=@H
z!WnREX{4l|;SpO_V?mGS^z>j(1*cq4hO+y8g%*fGTBnN~FAr?19&e~OP4?#>e#-i8
znE3gfo=yh@9SSoY+x$i@EgzV9`|u*$=FM1LxU%#I)%H3<x=6~zrqQy(dx&>kb3`ih
zp+nLynxfG3BW*M!<O-A*0y#QzMKeY6L|tdKyd7xNfZfm?`|O-<I9|{xG9ni&I1L5}
z)lN)<L2VUPzsKHKRF+Px6=2^=l@g=l2dxL^2F1l0O#OLN=hi658F@qPU}z2Snu=9w
zCYtfhE(`t(7u1Edz^tIQcUTYd5wt``AnzU93v_=)Pf>D;C?8rmx`Ful*+eza)MPm7
zSnrB`Q_jxTHOiN|6_T~xc&y8fn!ghGk7Yg0DtX)G(}+ad0jV!deL$$~9<mN!2%L9~
zL)Y@Qm*VShNbE1@>R8!1S4c1X-6Ye9!xbf{&5enATUOiizf^eKZIBv_Wg@I6%Qa>j
z4=OTmz*l&E&~TfzaL;5fFmp7>wgGBEwdwFwGu4MM*`ZX2E_r5*cG;uCq-Sl8PpX%B
z1?3@GJJ(ZlZhDK7N^+;_(t57EWh|DXg@mmT5y#Fg!L{@va+8f(K*^FrU~y$z*i1y?
zAFRT$ql(M{8qZz$A@HHDdam=ExU^sza>0GT%;KB8CMt1fQZbn$8bNH>!NhZ&%Z6rT
zkUFpF=i|;bCKF5YCpFe3c*I)<{h=W$tX^dBR5h@P2QNpbabE5CB!a1}SK;nz_9}ZH
zx3HS1y5E5cZhApD)6hxHq$EEwH5J8$k-2*Dhv!xV6P}&^R<Xt5adHrRdN?;(D3~F^
zbZT}#N$<$c?!=N|e|}~)gr!=%RGeD?E$x70aijL}GZ4v!3Iq@M`&?(in~k2yGU8el
zB;{IHv*$Em2&_Hjk_29$MJRijfvuP{@4nvcQL1>S)VkiSoN%KijM9Zi(}1*ElmH1@
zWJ6B7kOS#!LX1b#S>9wsZ$z&G!p2xN+xJD@=QnjzPY=-5_T7D(-PTA~+oE3(8)K}d
zy37u@ZC7T{AF#hA{&iEgJfaJJFy!}e|I8La!V<oLbBOq|B8!A+%L>vbn2+}-8s&ig
zO?`L=q~zaJ4bq$<5t%shKPX#B{zE-_ieyw(=opr53EEQ}E!+lx2WuA==?OSUf}A6g
zMY7o&mijaVDd=Gez+v2Br(N`&!Ui#6So4dxFj1U)!MRW3L|OcWvBK{ZUfUT3nhE(~
z3glGuYe5}L11cFqOcK}G4VIb4;|LLF5;Q-ua>ykEYcifi;>Q4)P%|_-yP`&Ai5<<j
zz)NdkDL<MY>(!bSO}I_n-hy!eRm=q9z{2b?#9JEn?^xY|NBml_sNu^x-)VU4?R;Ec
z{<stay$-KeJM`yJ7aO#k*#u#dzy;@n!83;sJRj!p;n9J{)le08WS<($rI8t(&4_cF
z!o;gHm5Cd36Zpnr@}wq=V;YAqDH{`nZ2}!4??FWO<V&(vT0FmfjMmt}F8a9GUCwaA
ztH9ng>%yj*32&<hCVQZtY*e$DeN3PK;<=;elGu@N5+D@~KP0zO5p_Fs2T5E7#o*AD
zVW~AHjl&`D6;W({zcP=2Goy_yqVFn*^LnZqHh2_21>SN%pW)N&`wU*L@t$0Xg*U4I
z?AG?f5<H|QCDxrl)xtSFTTlbUE@wNgIJ@+2NX<MLUvvif35rg(%s%soSPRO&)APBk
z-2;I0Mx+bW9zQGrQL0RS^8Rze<cwjgb8}{&oT>Rt^|Ok}u=Ut9Ed?Mdf$RP{cI_p4
z`7BtJPqrki7Q)Zw4$<shr<j_ZFBbH|!~|xp?un_)>-({ZtkD?3OUKq|kk~{PS66&#
zsOjnCDY3AvCr@aeES-{2^c1OaVsoT4H+nrEf>}iCsl3}1KmQv=HRtdJW#r*`g%x%7
z=nPy!wybBxfzRwsao{Hdo;iO6z~lP_<4F_`(uRY`*otC>E5P9?lMo^9zCbG1Crd_%
zVj?W)NmG)ddY(KT9Odr0pb`lxQMXT_rG~EbnLU|A0?(UYBf;m*uaV$0W!p&fd6R4i
zJbIE<?mSP_!EB+46Ep8n9~brV!E=|)qFx>aJWCReL|@PoBhcsfL?5{74V2bND6XxO
z@T!3BqIzVVCXEDZxN*mXHjeK3WJo<F&{zXcV*T-F>XAe@%T&iCcd3NS66OXkZ`f6t
zAcTQ?VNqzsp+R`;V>^?NYPQvM-wn6)1hbn-Ki)Y$jK$RWl3^V8crz%P9#!mE?5i>g
zIW8y64YqR}{<i2e7mUYwV%*1MKR@o{fL6pOwen)B@6e=F`U*suxYM?17V>5cHYY0`
zaW9uy!%VaCIyZ+qI?m#9C~YS6d~)$JSmM_0TG)L61h%&<qWOmKoY9Hslq1Cj#zq0p
za{aA&`beBzAaH~zlqA{dTjZ_8FsKLC89Pmj{qb(B{(JK7FDD)MRnx>0Lz9b>0ilg-
zU_&_}0gZGgY!?I0PaMl)PY1>GfbrJbxtvQ<)m%<}yo;O=_S4j-B*yrP?r`Xv>f;7a
z0g(WTgGN&QS~(N^SC+Yj%ypQFNsNkFc=DyICOPcrW0H6Z=~DI}hggo3NgF~^&0~#A
zmTvtgaL^OVxpyj(YT-CSFscJMLq&s=7_sr?KDO9wic2B9%>8Z48VMgx440jf6MJn;
zd17m7R9h{SiTh30lFKTwE19>9H1et5JH~xpcK1F;dMPFgKII|Blt6U!<%CjoeFTzs
zy23=vz(RNS@c}S!1q_NSO86d9Cx>z8WjWMiA$4Z#!CwC@cZj5nO>l|YC*cN=U|S(2
ztEjxiwDB{YX^Wm9m>dCxrUxzam@}Sye-H9jXiQ+4i;bc{ex7G0OQ_LOeX@v<Chr!V
zk-4E{VJtkYJyyr5rg~agZS!L@5fkM{Z^g-Mq*r<qc^I*SA2ot*$bCq@K}I>STvu<y
zDOkkvV(3~HZwpIoHigP}9Ohd)?l|s6yg+xB9Na^H@b6q)5E@dm(B-2j%bO5cAW=tl
zw`dCMnlYv;IS}feh~o<&y1r`fNLaFX-%baXJ3<#R&kJ)sQ<-qgQjw0!o^NNT0f5jv
z(0nXNd@~5(ka!O0e?H;kJ46(VJ!&H#5kLTkyx73b&QO;X{)3zwiU-4<cI`MjGuIM;
zJ2OeAh(2X#fyalN_!o3@`0jUgnK9dtaq&QsKRcSVxgUE*%u}X^e42~=$L*k>Oj+)C
zPZ!OVQ1Ka>ayN)0H1;E4AX&tp|FWFS`Q$lykrnJ}k(gFft-gHABl=*Mjo<WANZNar
zPjgd+N|A3OO_w`j5xuK>v>dkEF2?Zs%dr}#4HlgBfHf{ATE@)*4KBC@ES`f$@Jr%|
zHu5(0I3=WUdaE;{CtW#~L2h-dBQf(e21wyor0Tf(Fhy$M3ksrs?ttWLFq814um+&+
zSnaC@jqsqdbyik)JlXaL_5tfr5U`9_cd}mTGZjmesQ$q(%4?BE<hVznb=@~sIo&aq
zu(`vM%rtbN?4tgLa~dXVx~`80O~?Uc7)fwL*nGt5wjLpF%tIg4+6Ws}a+h+&*>nuH
zXoHQx$=x2(S-Dd~l+}tbMkYn4Szw7KZb4&$xIDFIAJUeBS`h&wlrUU{Oh2-bD`+OF
zVri4=XH-La1^c8<A7f=hYtKlXGlPZXTK?uEv5h2fU`yW07QaMGp0w-C9a2wZgp4RH
z7Ay8gREFjzL`$2MQ-^JDV!xg5qeSk{_tW8Hh>le}!t_@>re-FnIBGUHjx9*cMULCc
zpZ7D6F{fHG6>M(NqkvTi$9N&ORNRAjXcw>TN$?HRhW|z4Uc@j$6j<192kCfMdzWg)
zf~l$5%3CP5p&V_e;0&bKrW|KutX$lM2jQJ^!AAOoNHSFOR?e7hb0=e9I+dbYNmB>m
z#-S5)uk0<eW2V3WWb|C?q|KOMtfi_Xw%SiLK!M_J2jY7_Wp#(detdyxMn^Klin(P`
z%X^6B0B^c}A|dfeXh&|zx~oy&#{v7dBvy`?qR^92y=v4!F9nsHn7YEdF&bOM?EO?)
z$Xo9`^^^+|VLB#8gekF<6;&fb55y%4X@Ma>j}{+^Acx1u{v-|8=W6ybKiuS6!xwd0
zTVne7o`T6|v_0mFY<%1RapedZb81VK25T#_mQrgcp;qE*!&wWy(px-)Nc=GzAeKcm
zUpCW3&M=8HOZ<!ynjgaRLezW^s{h#WEEq+kUR=omFJ^9Oq)jJ&U2tBXvu_N)!!z5<
ziYshZqOOiiDJ*p<`ob1fUc%gDFh(nNls-ahQ5oVC7t$LEOPpdHLra<@F5~>3pnJ^W
z)o#qqwG4ec9y5#;$RuF>uDuY0aiyM}Asj)OpFLB%mYSOD=mYJ`;sHAf#68OOd|UR6
z?FF=40cU5~%FYr@Y|_<UnE~v0f`e&!x?wS?7SoUK9rB*Jt6KJF^B%i-;6@I+o-uNE
zw^oGG<k}bRg-VTn`)%?L46IjDj{~e?Hnl%5l%pC)h-w|jLc)A94K_$glw{#C1RAz)
zSbHz#PEed}Ob66fb?eoi$;BYHJe2Kt$j4veita?&BDv=tb?P!2$I;ecI4@^=G}!NZ
zq7_E!R$P-(>Q@fwgl;F6%zB*LnXMx?^n3kDA`68hhacMloOe*Gv%CDv=QOIgGF3_!
zmPw@KnSK99rW@eIk8PLK>+pkfCWlv7GU=>i799P9Q;0E2fbHdyi~T2ylRcX#LyC?B
zF5e4AH_bS|JrAZg8TYM_>OsA!;Ij=AZdk)JJkEwaOqk~?W~C4;3-W!;{!%Q8&;o)!
zm5;>Zb9+i@BN|jEG)zB=yN|Il73VcaXhXhYm?+xVXd~ayt5Bk{!idA_Ic8yp8k3lq
zkx=2nW6a0;9AD^&>Y63Zq#Fsv!~dLcp&^rlml<V(_=7dR3~PZQLLXsLRAt3$lQs@b
zTI!1P)0R4*-Sr0cm4j|Ke#NyA*8zd%N@Ur20VZW$^^im!(&_YMlg?NqU&sXaCR;;$
zlglO-O-H^9Hw;n0RVGKA0(z&%EEwrXcRCE6Uj=W_TdbFEFS*w4r1@}0f(vqisOQ%%
z>X&lJ&EiVT7FXMP-py=X(UQ7KgqoJdMkZ<u_QZ<tJe13gl5)B*TJF7eS3j-vsI)D6
z7D9QGRl3h=wS?Dy7qyY1J#?_9`LK>;bJ2FI9+b<i(nuGFyHq?(F7!N(DZLabop@^~
zF#e=W0i^A);w})$;~ou+qEb%0GK%NfpZ7JIKK9+QDKi{C`iSTrvYQHS5k2<wnn{xC
zB{0Alyz%|j)vliQ$D7NdJ6vt6vK#W3W7X8{@#7W!eo2_F`eV~v{qEH}wiuE2r6cR6
z-)7+M+tU;7_$S`=f*)kF3w7fi9v$Qt>XaV)0A3@-Ot2Z{MUzbgZ1%ixuc@qtl=ne}
zj*ldJJ`&Q`r;8|3`Q{LhCp!k>>XR&rPKG->zKU2Jdy-g9GJ0dNM&uUiX_`KH-o>VC
zBNkSP%(O?DLcU-sEwi<S!D@k*5{(OCY&E9OMlntL=}_cgR18Qc%ol-*&Qk~u^*82P
z?JX5hIvc07l{%?mk`e3`5D(*M5Z$n|pfM7mw1%*j1a<(D#byBl=QKl?<IwBmX55`3
zb0*#eV!PN-hLcX^@XL2T$PwtBx;Q}z20k*cwbSp^^1Ta&KUxXi8>VQbG<^G)OOv3u
zj*vw$=;3HWj(e<Qbgh)ayfAv|#Tj;NOpdITR)ullU3jn8f(TiBW;iMSfjtgJa_Y}U
zBpusjA=0g2amSfCdHAR*C!IO<P5Qj|Jo|y%goWht3B+~uA0lY*ZOB++xtuCQrHiV$
z^*UZSb8NfDj@>Fp1ZFS^wd59it4D}n!;&}#v|NNM&yr?;5|?_&Pu1IX?FRFB1BylM
zHblAf1Jx;ujk&SxGA{V6{L!eB<zyZ?gJ&@=g!1MxMJAUq?y5DjrX76DAR#V!QtT17
zbBIun)VI=IofuF|*KCW#y6Vd;(yCAH-}9%yZo`7z64o|8dRR%=l<gBlbe>PlU9>Fm
zY!xcG=+nXOtkx74QDeA7ho|inJA@K06_Yu9#wI(5{bX<CVObl{f*ZPQaF*l2@gOtq
zR#Vx%7cDBJRRv+ni@N|BH)diV8`QAyJx(Z}uxE429iZu9?j1e7y<?_N_(2S6(m`)_
zz?)nkuGmQ-L>+wNYcq-66n`DbpAeNrJ}SN)NhJjaPuwMl3P;rChvr<D-e{KF3FCPq
zFZtBmc<4^qFURT_oOe=hJXCm%)ovcdG8NFi7+h!S<%?NzK0dMY^PV&C5Q^6y21)Yv
zGdHqLvXG9LVor*4_>2HbaaxUs3;D3dBl&_`r@+N})QP|Y`t4#70kLP4&l}cw2A<bK
zaEc21glh{m_-A*(2cNl^3LT#acSijwGwNzfN1^)~4R?_u?@w~&E#0+JlE1^wwc<&H
zW38gaxx85=TUd-IYmyghng?qdwQu6L=wZrLExB7G@Ux1`PvocsaL!(fbRd@r>k7U?
zqs8L(?%;g+ar3uo=xkMxE@wwo8ddiIfw+ddbyYLK50&tkl&EZk%Q7Mp8mWLt#X*<A
z7*v%KuG*FvBd*x~(o$vYRoX#WB{on`nmlL7K$`HglD3krSgxntISnW491tDFIZ+WX
zh(~I%jPpQP9gWNrPDi8EqrJF-+}ILuMV8lTU6FcBI!A;aXPyI*d7ON{h&-OeJdt?f
zxEx3C=0)DIHAy}E60Sc_Y%0F2_yR>pazI3Y2$|X&7(ya+1cZ<%oPi)DnqUA3i581e
zQIt_Zkc0H0TC&C$;jI&SF9fF#9jj-A{M7%wet4hwkyu4Awx=|Rn-DfrKA_S{^poXI
z0}=yIx-kGr8$;dhtTK|$EDo%##qJtkXUaB?*dkF&rv~mt!wYUPMQgW4<=?v@3IyK3
z!EtE$vPXl{C_SC2TUJOC%Z45h=7&VQ5~w9yl>FW$j89UGAoQA~tiG4dKiXb9<8{f&
zlPS?dU=8GDBDg4`0;xNtZnn2YtKA{G;9;xY7{eM-zw_5ZVm;=~x+RV<@Guhh27De_
z&!XuL!Ral|U4ohg0hOq2cT#BfHVap@`oK)b!syJ*(4RkuTN;G7rPiBVK8QS6GOK~Q
z()#hYvMe%yDjXrR#K|^zaG60Gr&$t}E+}{<64<R~53_$q0_%_XMf7bKV#15R+Q7y$
z<oC%u!E*tw%*|qQUb^7QS~5f7Ia(p}7-L1eoM)fc`7PTIHp6-lM(jk)%7%4YFDVeN
zj)=w~FB!;)m1W}5d1mat8Obi-MFXQ=r8QR2eqE5!;g7jKD~=14(LUM+t8{Nq+<}Pj
zk%s5<lr4vxrEw8?%VS{E>B$B^&cTP^eIL5|V-Il1=Md@`Wk0(ZWj~bG@lRQ?@9yDx
zD=7~67Ck|W3fZ--CTgxblCK`Dc#r`+OVVI(8C?mmTu|)63X~mg(Mpg>ZGpFV3t}0!
zp4=QqwBmhy2wSQ>A^ol4`Wc@iOn(4&9LI8Yo+3`{%Lwk%eM&S-J>HbJ$C!k!9+(u&
z#ni|Z2A5_TiuvNC^9-9{jF&)O*DRbb%8QJO)h0{mP>F^qSAHtCQ{$&{gsHKl=A&WS
zpp(WOw}w$TCMI?+@jZ3WqbadyFdp->!bz1gS|_e>eX@2%*E_3jWm__R%Wf0^lF`aK
z-$gCEQGf|@!M86m2$?~ZQrT?cx|PT`IT>|{5pYe0uRC&|w{ykhK&lv1;ajv+=4hz|
zzi}R(gWp4nO+Z}da#@d^b?Z*a>bExs$L41kSHnodKuhQt?5@5`OClKqx0QrYoY$0u
z7~}3IiK;FvgQV0IW{58vC3nU1<5%tw0a6lgK?do03~@nc5D|gZPC)jah+RphAek3W
zVqBta4%TyH%TO6wJfu=09;(ilB!~+e%>Lu0Hf-gzr)p-iT@z%3P#C4EB6^O4!yBu{
zSx#TD8h2b7o^D)x8BT6`05Hp(5>dvF5mv&IuX?h_c42)WsSzdqi<zNzu94iK#y7~?
zZal(_tpwf4$j6&TTxF>TQplu&YMP%&(Q|4!W<t4OHdM}r*l^9w4(E9gzBORGn1ccO
zcMt@X5J2^<KS8tghsf6m9lH)vlJYG#`d+XgOQ%8wT}&4YNH0h+CEIL{qo#$?1I$aw
z>l2RXAgTAAxi}MVIx}FR?>I9!<D`e^8lWqDbcQK?v|NjA{AlgM-?v~?mR3nBLXxEo
zet{nVUm~4(BABW#CG(=R$zLiX%><EkxmTQ<NzR(;Nf+cvr&lxeExz1g+5VZc<$c>|
z&gR#4)8svx|J&_AqN|3eS-oM@?lXU!L|Na(-2Q>@K61Yy^kB3l0<*&N?2o9A+*MiE
z7S-J7BmeNb>`)E6YBWZSoLlr88d5vf#QtInq?&u;TF~uW+2=d0HNI@kUCxC{mRyc>
zP0Pcbs&3h!;&m<?cf8`2ptU1DJb_L5b_+kqoe>|H>Od(5MlnzdtVc+KBJp6!**&0K
z!sE}OY=^F;;<Y7=h$&yA?{g`KG$$-DCi~k6ipld~BVz%=T*<L&prz%Bkw5(bI9;Hm
zN?FD6z@GT85F$+&beLkFw@5^tx^tmO@mNA6-!>m=u1d)Mz#rU<ngU|wvTm?Y#+5uZ
z_s6M(oe$x%>D1!!6(X7j&rZqEsMJV@$5ajyY~yxP$gchYA_tI5KQbwKzY#urYQlOI
zh%ty{eNY5pfB%F0oGs2+bMx<$Nf6>(4Od`&=e<N4%HEozyU<%-tiIDT?|m^nX-qLo
zn4RT?|Mu>Xz07{XGbN6ViQ1q=OI3E8Pq{!GqvQev=9UQ1ONT7r)bq|XjTj(!Y>5wA
zc#d-i9SP&%3PFf-r3WxH;#w$xFS1Ws91l27<WI&LSvV#s1pOj=295DjG{&=Fd>Erx
z8mzOf0*C&V<9g1IEd}=;CR+;bJ90Q1+aF*i1RD%4b7FXX*3n0}f@eK>7lhE_S*X*c
zJuGcpoF$x)#oFM`faG^1pK7LOvJ~&-yL~rW5~Fl?+q%<^ZL!>Nzct0h9jXtB&sG-T
zC=Mk%mRBivY1n9PYNO{03iML;e=##i;>*<C7J|>9xq8f|eKl6uAO7=)jJX<KdJR_;
z$#0EPiP+|^mxvw~sub@9N<zi~OA8!8w#GnU5rxR^2R<-ll7#)O8J0x}`K3A>y|qgz
z)L7p1-M3=OPn+i4M`rD309gUBV+pB@;|(f;;V&S%gpejcw6Tj5)YT-r$;YZpl`8<&
zEm#nFDp9iVdh~K}(`P~EL_SA!M&$EGmuS2$Gfq0aWq8iQ-IbH-^B}EMpBOpQ=b0rL
zzUYbw<lgOMtIUr2H2WP=-DG}tR37-*@1*^2zb%i}Xo@9IV~O;Nm${f52KA&M%U9dL
zu~XR4c);3#V69rzUtl|}9+lB6X#yFc$?ofEk19}l6S*Zs_}#;q=fQ3^^bR-1>mP6m
zm3PQ_DD^=nNR0;JC6Y#yJNf{pcG#7D^ln!p=O&j@MB<hjETM0Gw^Ko5f#ts5#*oHB
zGXKS&hHgUQ-T%RF|4fFdJ?FkXD5(Xp-U)%?8*rkx-3G(ABE`1qIcGS{%{Lt0dfSbZ
zIN5oSi@@9$^1es8!6C=+vm^GxAnLP9i)2C;-PNka>eQrH@=R#&O^fGQy+!N9`ClqB
zrydG2&EvUi08<|-SYCn6R4<>N_KR$Mg=7wdK>NeK-t9>xXlXQy(`bw|;L$W3M-bGB
ztDDjdNHqGmL}2DnE-cU}^-Bv<?c9c0+hfIcbxzsJ%d+RPRNL-a@)X|htD;g%4k~0P
z>rWF}hx0*_EVKK4UF@^As!F7!bP&rP_faH$qQ6jKv%Gzv>wna`MMy0^q7`*PiIqhb
zXBYh}@v?n5AgvfKUdO93tD}U{(15MZLeY4x@nxebg>mLng_CW*tYO_g>^kpS^>^sX
zdi%g?EyJB{cO3BSm|lleN%2=C70p(yO(stVVp&;uEYpg0rU?ZCTMq4w=d}R-$*=L@
zS-;#Cr%K}$`n-Gl7QSEq_PbZ|H~L(^z5edIC$HbWdG+qickkZ5zJBuR^_w?uUOmZP
zohn1}=LpwHX4#X!^$!zLGMsdw_kX9KD=;u!{d`%1wl&~28M;LEabkOy$M@7Let0kX
z`M$%F)%Xg{a9781xN7PfSnaL|&ei2_p1yn;ji%l{h*1eBM3p`fv<gbTPMGU86Bz&L
zrfvn|dXRK=iNe%mPObFo;Sr=gk_`tSSuJntBc7l^I9<6CteoG~!3k{hv3Lo9Ya*7b
zBNi)Xa80=Fu`b7by`9!+ayk*AGGDFLi#TMt79^Cr?@A<Mt=P|32Bm`rsmF0}!imb3
zv2~D0k3l&uR_uTTZuR*F5v@5lVz?FCl~DcH|GWC{-w^qIE$m@mH81<)xPQ4G?szg_
zX)SvRI^?*{G^F4b<aUttf!pq`YmSF%Mup%FRaaN5yR{Y|bwsR(OAx!FE?3KGeWOaR
ztJkiS!pg&r%i!zdi>y<NKK-62{~f_ZK#c-Qy=dTQsXY<$Y%x$z;OwfJn7(t4<bsQT
zdK!&I>{%?Q0*B5(%i%;RSHMEUb|K0~65J>eMBG<Q>KpxyTXd*)^*9X=6mK3JM?-?*
zT0rGGKuVul1q(r4ktX^1vTE<*=YvieQW_|y8v+0FH$PuC-7da)!Q&wY7#z01J2@UX
zCEI{Lt_2Mi(9~Y;M}(skO`h7-qcE=*feKV(u36Y+1s++(uEsX+$9=~qkcG8i;uAlS
zY8n37zx>C){qyF>fBoYXi~}t7faks3-Dr>#tx>ai=_Mz3{e{y*i`fHu{H06z>m>WK
zKHyM}U%IegHd!JMk96E10V*~@|HP3x@In*ExbC!R;x3yyJ-}+`T|eI^##g)J39^48
z{Cw&TH4_8B|Gw?o>i565Qm#1?eE6s8z>YQHWC@(A!+EFQ(^c0OD$cqc9jqkl%&>s8
zlDLF1alFMV?F7|2g<cbspbp1&A*y<aM_mlNq2ASPBA~V4+|>d$15&eSU8w1H;4=MP
z(?VvNI$|(SqU|zlyVAQ@=e5JHtophWSxW<EDXgvtGvE{G!y5EzYH?e$8X%tqT^y#K
zZIicc)y&5fvyMKn<%uE<*QnKQXNvV{kopioh(`8ifQgDU^S7WDG2jdXsRL@BIoXvj
zZs?e?`g`$o!wLI)e@Gtm>WzA~+W7ghugfG;y|;3IzJ#MT2ya{m?`6@{5HexS4sb=b
zZjw7Fb;Q(VjB&VI(ChUvZbh3fU!Vd@Hu!{*UEFFwyLmXqbR!J;b5LN*M95%qK&Hnm
xK>gazl3zbxKVLszKVLszKVLszKVLszKVLszKVLszKYyp6{{`+hT^Imp0RRuPti%8S

literal 11580
zcmV-CEyL0uiwFP!000001MPinkK9I*roO6w1tA$w_dx2FTCzPWd1o=O7udz!?in+K
z`*OakVUw&XPP0gwWOb`Y(Ej#~$Twyt^Oa=DJvbFCS2Y>&<a=gBWMpL4)I(a<MR!?l
zpPcCP8b05>dxzg|zW?^M{0*OP-+uS~n<sDHy#=E0uist2dGh+r+qZAOeUiLBRfgox
zu^-YdNuK<@eHe-=wbJ?C|AT&>KTm$>kB39rJ^bM>`yy%DqJGsk$1W?9v~8<0ONX+l
zlZ^M1q^NiBefh%`XFEH49{4$vQ-eRA{_DpgI}U|}Ue?L5mmlQK0e)N()+>oO`Jqj_
z^pMo)q4?)#l<L_ZCMo<xUL<K%HTOlH3{5h0Y2BAtC==)vL51IEWjz$#HqDCjzlz*!
zx???*hhhWi5u6t<|9bXxSJa!X`1M$JKzsJ|>G04>B@jHrOT)tgYG5;baBv;kZBHm(
zT%4Uf&6=*r4*8}p(k|O?Zp!-nn>QC{PkDwmZ8|`{@u@vI)0+W6NG+M(CEvVxzb&`T
zW?NQ8(ia0H(tS9?9Ie>)EV*eP;4f$^hj)diQC;Dwtt)5=bWK$l;Qs`V1$dfeMc?~S
z5h+XCD{ps$@2H-J{VA)`zEAR-V-F2h=bJ;n8#|G$Khw^H`AWXIP7uDg;M2bH%^TC}
z_gbo$=qV-%$it(ZA#kL{w3(O)oWndzYeMN9-WSUT=AVi*C-vKQ4ff&$R!FG+W;-2`
zD-Fef(PF7=$m)h<FLrp4T5e&wq-FF>n@g+o&!icp`m4&DB!_HfL(`Q-AJKVFQ<1En
zLAF9F@-FR=bgW3jWFTnXLpc+M4?j0;(H(kV#HFO?2{UTa$yZ)g9$QtDG5RGd+A?Pd
zzBQ%`wYo{u{^k`;CI>7b$<D0mw)WAd1f0G$PaOj53)FePPrKqV)jG*gc)fR2unej9
zs_X~s-PReKLm3~2G+Y=$Ro^Z`S+n`McuZ7<$I=bB<cgI=b(rw(U{-w=bP5&F@hYf;
zM5B2-O9bMgj`JUBo$iW9I&&OI<{tCh!E(50_Fx#l>HJ~o23R$Zs~2F7R_+80e?d10
zulh;F|B;Aqs9W`Ik(JvLYKqn<>Yc?zb|tlt)A5P?3l-lJ3bac{txd5#RgZ^X+j94~
zW<Hvy@JeL#qxJCicmv(J7>Yi2IJl-Fo{Z_4V?a$ZV|e7sKp6kJz2fmGFMOFek@^zQ
z>^=o1bR|2fA~b2iN7Z`4El2B5v|B*yFb>0`@Ro65tlKJ&$^IhESM!_3AwGP$T77Jm
zEosgQt=;%3%Te<uooRjqO%AQ#H-Cfr?r{qum6`%lQJUicS?<eWpQJ!|9H54WG9w!*
z()I!feMpx|(qP+_cbE=Re!&LSkXbG^m<t0wZWNQEG+QE%(n>)QHY2qZlN9CMkliXv
zQgkP4lGaVZlFMV#!~Z`^nilInt^WDh&>d|>L{cr;o1(0DLCKnj2w%^GH;;`2#I@5a
z4T5j3;on>M_ikN#)6f6@(<51DiFKtd^Eer)JJyy72cY^0`z`@8K3shlqc6I<Roo+1
z+7q{IBR%v(ama=$dbe78cdW}n(_tuf&eTnw5N)jz$-AOz(Dn>9RYHHFZ#WlgPv*h^
zZQA$uIc9;98TM7AEW9Uf528zmofQuk%Spmb8uU-j{ROul$@op{Jh|^mlYQY(9AL@%
z?ML%H)X`zqPOj4%0YDRq&Fg+qZMuy(Y1<Zcj&!&jJ~F+8W{&jFP}x_i<B{1V`%XpQ
z$o{KWc#>%SSDgXd;UQL9N;G_H^(K+dAIBbs_wYbgq69u#{c6>l7kBMIbPJ@#8p3Zw
zSLTH8vpua*?9Pz<oc=tmUHs5KJ@#TM;i&eqp{R$LI>yg5B}ZKohN$`;g&|Bo->_U_
z^#|0yEL+)nzQb;*y{ej>>9H(uXs`CoK|(Sa@4Oph8o}+|VVYo`4yi~>?rCf!Gx3T0
ze_4baBzc)U6Ynm8@7cv{oV>|y=Y#aXy_w_)pUy!8rA@|pl~pBlqWMU)Y%AnsR^3pH
zCYx8YS`PYP45jOFoLlI6uM{wX218{BdK4KlHas$%I8OC3Q!>IwuB$*y333+5hr`!1
zR;OJF*<O~BNxMWN7<$)Cj8_%R@%=D?vcX6jW47iE&r<-HKnv7&ZSA(f8BoexG@O*z
zanjkAyUU`!TNiiV^h3WsBr$rdirN)@Q{7!+J*)&w+o}gK@22@!tW^mNwNBf9->g=(
z6cx43RRJ4N@vHRV6qv8d1L&aZmY+kzKXvr427P@J&=c0h^;j7Wa7iLt+#e#bLdqTs
z8PNWbknVPm1v^2R!`eBv6Qx6QD7mBqx?~6X)F#ajWlgh&UcI*Ul;@oyU5Xd0_Hz4z
zKfgv}Fg@nii60%C{r3lt7;Eq~V3`vyo-N%!YU-MAk_fFDdsC7o$GZHO^aJSJ2cp^(
z!*6aWqPanZ8go7Sm|I9Qc`Wg2PG(u-ZRg#Bpu?Rr-N)+8#!1Tgo^RDBiofV8=1QsK
z{rTq~$2|0px%ahMa1TUUGzq|0=;n@S5W@Q&D}X0QD<EO14$X2~G2cP#j*ypxWuI)d
zkeR)Ngh34>`@rfk+q<%B>O+*#?L<~%%;(Y_9qZ;iZ!q^3(A3(N-CADkjL$ROS<Y(a
zc5Nl_BXOUS7Md-C-dFDGw4wtw`TQYnQwI_wi@V$J&g~ZALXdnP>|?>h&$cr)eysig
z0NP5(%}qXne;35giZ9I!>c*doTk1gm9X`HS2V~QYI#((@fwQOFr(n}IRhd1I0m8Q*
z*?uF4q4mK1TrZ^ep6$sOYwss-(&Mma$3-Wb%H-uEJ622b8*}QOFesCaROE%H=_RDe
z<7E!w=7w5&;Q2($0<VSO=2&#bSwc90C{FA7@k&Ib^zlOZbQHAJ5hmhbQ7K47)-glh
z#Sa)mYmOol-@b$@xM_}c-je}?4qNNYWz^?Pz%K|6FlKRqw}XKI<8(0T<2tG9b~Dbo
zt2jNR^@AZ<wv5o~0U;LFxbC5Cpa!VyTlVWl?pQgv#+co?@fut*Bc-DrL}N;{HKc6O
z9U1j-_z1=yi}UeQPUE>-DLdM02a@qTkCvA(B;z555lMe7klawhx7dh;Zyi~hI$%oT
z=487{_n@>?yXt|cRl0cT$d&3hXOni#yt2=U#L6GLQk^a*HUp3g#jLBll=<ah9_%qn
zAT`Ox@mnw3SoV-0CBzWn2}?p~R`Fu*S!5q{siJ0yZG&>pP1={4x~B58<-DH5R?@aB
zw&h1dz5YyIkmRuSMl^f9!T@M-quLUN3m$AZiLrh$R8@JS3e_sVEBcnpl40VL{DWv1
zB|3yR-AnuhisYu_%}iLod1JO4ikvARtlf}FdPPvxSG;22**QMC5Rdxf&EGaKC1v}x
z-jU_$K=f9P46$uAXHRd@C|<FiP4h-NI0up6qehLrM=&2MW@V?b0h&!#fz+ASnP3+b
z#NW?Ef`Vz&;hf*4_vknZy{gDz^6zgs2oWxE7OX*+E{AN-UyP=Rn&cj>42OQlUVqu)
z^|*%B+~IW6VPqdGB3XNH$4#`c|89n~+ZBV{%{uJiRM*#DW<4%fXq|<`a{kyp9G$&>
zP514Tt^}Z^5~s(cEx+hdA;&^@zrnmXbQ)!u)2#4gd_lk|>wSTRRg7XQY=->91)RhU
zNRUVaOkbRmos-6&3yfVV#Q67GCtFl}-U=d>|NlZg@}fIKJ&O7X4)Cb=pL0WiM+tQ;
zyBdRh#0E89=un%QG`!6FS0~@YR)^q9@qa~1mqW1<<mBUw|NQ3L*WbN)JBk1N?#<Wu
z&tKw0_o_CBCI><FT=a&Q$@S%%-~ZF)Yv|P4aG=u;-JwdlrWu;s*m>jZdGb>MI30;C
z4NCeM8L@fMXY6=R%MRugc*+Gbl-%zNSRguSoz7CSJn*f0vY}p8$zOi_Icb}25a)MV
zHXTrOEX;7M(;K<8Vqm8A!^>owR()|{%hDfJ+iQ>Mf|N;2qj^F05bv7m2rBcT0qGZ}
zD42evjfRL^q4Gi@drPiZrf8m+>#UZy1B)84>zZSmoU;wb3pPat<bnsMAppMG3288_
zt*mJG#2bsr(vh`->|3c)LUequ_27I$adC!Ie_EBPF$!`*-!MBEtN~6_u}aNFGqKra
zz<+6jx-b@)7u58Q=s_-mn#u_Dy=8lW?XT!5N=^~^LoG))7=M1AqE67%WCUto?y`NA
z&(790<V)QON$RFQmib1_Uyl68yc}kgyl&E=2hp|z^`$BgfLiY{>-YuWqH7$QTC}|s
zUw=bme_>ZA%Fek$dg1OSiAL<NsF8ZQF;Q;wVtfAAf{eQjsKG=gB6_l1W2W(-B8vum
zP1Xkuw^|GLO!fksjt1E_z$~aH9iC~X`Vgi&l<Lr>&nBZ?_NbWB^EM|Z)$_E#^3bfE
z>#12cy~mPDa;NIjdak_XEQX_nlr0-0j-4BVYw1N4CL6VYk|l@2lFBx)O%bVounNbI
zDsl&CGIx=O$Om2ZT<4$SvVv*IneYLd7Jte+MWyacDkgVCqlgthn0T&pnb0N~WX@~)
z`M7h9X^JKJlTOwpd?Z>1{?HH=Rwpugs!p(}2d_Y9abC^%G=izASCQ^I?N#PJZeX3F
z>V5|*_|yx+nubm~O-k}3Q&Uk~7`dyLczA9^n8NeZ-zxTac$^*tA0E!9EDUTS!8B@i
zKS}TC&hEgI;eUSSHAJLZvQ(TK01fQ`viPL-$uktmx&j3c{QF#IA)Aek$ui(t6_9d`
ztJ!lFFa+10d`SW?VG&ARC1@+A&ATsmdq|b+lp5E&l@qSigdtsgG<2ZVLIN~skqJ5O
zLJrW^Mll|yv$RU6-UzQe!bV?I+xJ=8rZ;6(4iDJX_RW2r+?JrLZQ&Qj#^{To%#*`y
z-Q)@O2jXu@e%+L{i0DEdbm=|bKeGi$T*5ba4v}0|WRNgTSpj{5`*?q1Q4ZMO%!juF
zCI6<VKywO2<l@MGLAF5tgC0EuGO8+c2+KA{?J0~FZv!BMwegGe6dWZ%!4b$J+3Y8l
z`ZxqB=wS@Nq2CdwUHFb+!<aC<`Nz00L7e-Mb05VCS^Sl=;_nz<(-{Sp3Hf0R<dC&%
zK^^l6R5ZpoNn9s4L}u!bJw}{~(ERAiA(srT$z&D@9|LqkO<;63SqWtc9nGY`OKV{%
zKg^HiYRw80ZdKN|XdHlw8BiQpm_3eo%fkL0i#zm)Uker*J}=XqhR5H|$93gTNHN&!
z$a=MdKf5y9z;b31glPg7f)5AJ96t1Xn8Qa#2aKz($nNMqHJVEUGdi1*<TQp!RA(%c
zFy=<^_1WM^Z8VN)9Im8HOc=Hab%?Y@5#5n5$y#af{B|)KV+Y&l!(w+?!wIhfdsD3o
z8*3)KEgrb+0YCYu<}v%YKL5pY$Id13Bi}SYDhxl6TbYQu?V5umuA*XaXmY>Q8j{B0
zkhY2_Hosp@kAQQdjVYq<Dv0xXsvXvQ6h8*ua6q5qv+TPJUbgWbU5S}9s{icPcEeIU
z(32wTZba3>IXzoY1Jo{OI<7do^ma(iJQ!Yd4*3a-PPfcHi-=eY%D&U{xvbqifb&MA
z4b&VzECNxgOmXu5bHwCKV2pEfVxF9t`Aqe*3dykX*fc8zA}WFF{?<43CA@s*Ey^cT
z5=IN*=jjg7>|UpsnyoJu^uovlX0Gm$sm$y9p^2=~7~V_A)@YE>L>5<9cxjmF>EtQ#
zu&pOgXr3$`lTh#!sc{l>q%=1=Js-STg!NS3Z3>_NCq<pk;S0(r!t;(+)Y+rca|zk9
zo)rc@vp0o-pA2~B{NVu)?-QISQap$o4r9hv6f0~24o{iH7~<{=q;h?-WJXbJ3=4YF
zl%%MhCr^h&xqCiRjR`7Iw@;y^`mXeuJ(&ao&zoNZ!RO7df#5S`+d%YrldKOsc#>7_
zJdf1DOreP*GjCBJ7xnVaahJ@ZULFKIOA-!5U(gc+(C7C=7r5#T6xT@@uBnrVs=)4|
zdSsm@jR<S_<c<k#9Nmk_ka<eLSVK=@{qbk!k;FF3RL3NHsYaJ2!i`?uxT`W?2m|}V
zqR@_q2Jx|r?MyzZSr@~7)7`QY%yuUIcxV66XG7&mhI8DL&7fd<sMtQ+7kLnJSWdVb
zY-2h6ZO~~hIFI$jxQoere%!@@tw>I4rP)y4!K9SC3dER%)Arab^iA(=PF_0dUM{ox
znP%m6ZVq>BoQ363+DvH0<l<y7#I4)axch(zd~bP-=Ig_=MkiuZjuaP|7zG^5^^580
zqw(wlg`-5iB<W7yB5x&*!91|e_-R_=k9TAA-;;NL1!=!8sw$Kin|wSO;M>SXHpmGL
zXrwz~+ZafG!dMo2Iw+n8oVVQ0<y?}g=5p%dUF3wYABHw2G0vAYheKNxA2(zQ2n0|Z
zG@|O)$Qj|kvdk@HuER`7Vob~;lP_B}>0w6~lf;urm$G{~#^p$vv@s;rJl3#e+17sq
z2RoshI;SG37LGjzqdK57R4_P=5gT6aV@=Gaq!go<xw~z7Bay?2{<1T2YOf6`PiRf`
zYODD&aldJ5dRZlLC3BXMMLyMgN54<==HA7~F2&@*ryQh&5{ZtkoG_}U4M1{ESA>Wg
zSlG@!IRJ*PfL?J$3ExBO<k0V&EQhksq|Qt{*vr4C7Lk;*ja*~x({KYI*cPB<Wreet
zCVs9nZQ%*PqyXfb9<<C8&T#VmJ<40YF+pT5K8if~d7eyJe2o_ClSPFzdAI0{&J8&a
zW8rA+zBmpg)6?=|n;xrynkYXyD^6ykz0#S;Lr)z1m=SbC??ZA8GR8sVx^nAJ!624r
zT~qUTTSQ_rDO9fGFfYuweZL>$1=_P@;qKald*|YU($Jd4E+0gh-}uNpiCVI|g(<A5
z`jD<<K`2`)jxT^{+M>RrVadXMJ1toD2wl`XKbq^g%0yz8j_KI!`DS(&00`!R>SIRZ
zn_&Ql$a6sd^@$wcp`uvmQ5*S)0011)Y=b*HU6~i;4|;AW9E^C{)&1<uTuT7<%tW0c
z`jo%|PYySUFYM;{-R{af;kKd4#RF0P>@aByKlX&0r=}kAaW3*7x1D}6Wx3xyTQpZf
zC1+^zT{j+~F&_a#$s+vxm*Hg2C&$T)B;!|$gtVG!^%Ywl!3Voc{8KN5sJ&<TG&fVI
z6!|95bh)Dz(YvyR<*?p1A%@pqk3~Ohh~TUTtg$h%GHwnqxbPCNa1If{FN!1B$Xk{D
z5Rt~|t<FGCyK*Rl-0DO};^u1t5W}xX)nWB96{(TWD~P(eJ(BN)nT99DH2}I}u`enZ
z;a+9yEHCavvh@+|1ID8uXc;f=WWCa5DwZgr{?RYWX^{qU(xYHqca2p+cMK)0?uaBa
zbd4{&(BDW-{bW_swBeu;Ilv5q1lRe^N4##!9^=M5v|g=^vN0uhDOZ?HXTlb2u$gcQ
zw}*IE;nWahwW5rHNwH}bS%Qgc)R-_XPwCi)G^L<cgvSUq8m@e%AKA#|H4_z~v{Cib
zt0BF-eNv|nv9iJ1(=+ExZy|-2zxhaQBM}_LlDD$OFVd1H?K%sG)DsyY14>K8iv1DF
zP~G@wS+fdizwK?@Zx{P0f&26AaQNt>;}s8>?usYW+yoUy%?HP^Mu|B~Nqf2TeugsU
zP)eqP%`H6gScOQ87ivo-JxGLhaoV0nzHZovzi8Zx5Jrpwi`(re9q&r#Qq5TiH8Wc|
z3&l5-gY6W8f%e*%<7}K&h`ac}zf(T4(LOOI>8p7oXUMj>mC-YuN>Qz(se^Kp(21#2
z_LkWRlV<>OdZBf)W{fb_GF6gT?FSa1KykN2@x2|AvH`K5Twt28k&LloZh6%57GpW!
zo2DITNIV+aQCPC>O6dC}VE>lJ${D99c;c&9joRy_ppsKlmwz`#V+)wQpGpgP?VP8c
z3PHk8$HfRgC6Tg%YGl*{Ny&U#pwG{vCPyOZ;W4^D$-?#7n!QgCH>uX}SsB-sgg(5d
z5b_yqPxt~GpEN*NIef;P(om(|+6t_t*xHGxm9W~d)`F|_1`i<`e~bi(<q^%7%`|~C
zOytZGKBM^N2mibfG#~itKXg2gjANu;Qpp}KW?^Y$O*j6!5WFsD-w=L_XSS1-RM@OU
zZ5^3W80vED3tOnXh`DLP7_8JW`T(s(We8JTXm6w}VTy4GEp3vpjEj4M?g@ueyP0mT
zCGc^0%y3pDlYsTR_IwPJEA`9_{s_wA?3voN)YNQ8A6Q==AMm3<!lPWzw_(rNTtLGW
zaAuaR>@2~>CSC278PJY5a&RqAH!McgV*K&FL)vn8Rm1*l+7dSp(#U?-GfvL$)(TLX
zZ2Q9Ps8Yjkw@u!HLG()IaX?hes&wataTI-zQLV#RXqZo~!FnmFl0140p@!`m*3OH$
zBNS&7(*fG5teyHZy%@xlhrI3&Y5!|j(XA+3kbCZ-Q|G}rmbOO2c|O~t!F=Bnt1w!(
z<25O{e&vu(Xm?^sjK{gH**XeCztf*2uuvp&__5B=c?VjZ-{m)b&Z3GdQ>AoanM6vT
znfHHWx(-kLn085>4nHJka(Hzmlh!)s!O=fhg_ubRh`n5LvHxUnvgZ?}PtlRU<$J-{
zrkUV3=V9tiCVVTTdQfjF_-w+&8`j7SPqJYS6Xv*zSt$h1f_xvdyA+Eew4k8R<fHNN
zxjCh{5sj)74AYO}-N!_k3iFzyv_4-kLKJLlG?8!ERVYDO;lzIRoUrgijZsY8NT_g;
zG3H`@PA+tWy5>o9=|)0v@IR+qFl18nGGj~_f3PH%VJ$F3=p#&us;qczvc_RaOI>k(
z+ENEJyWZfwve)g#t+;06bwH@OQdxFhfJvEGJtUF(bUHoRs52JP7c$|!$;Qy$^s>oC
z(~;}Kjfp5=E0ZNo0lU*<7L0VHJ06D3uOqM5Tdb9CFS*w4r1@}0g9{3Qs1?^P>X&lJ
z&0<T;6j$4L-fh~tV@v8P5i~7}jZD=T;)xaDc_^0~lCrum8t%QeS3j%tptKEp7Nhbe
zt8|~$YVoiCHtI===Fq{K=EFOZ$wk|)dN3}#N+VqyZd36H`Kad!OzGvQ(v5E?3XD6c
zsQ^+pL~$Px>Ejj#Mph^%UOC0{<S+XYrjLDdtn!3}k3It3LvmB#EuzPkT{B5jy+j5)
zgV(>my4sb){&;hlHHWKhkvCoXsxPXtK7PDn->)dsReP+etKYx=jxR>Eec8ymX}1Zw
z`?l<aJNZd=z3>O!?1FB*Bcp@<f==nM50Eu-oC!9)ylC=?fX|*6_BEB)kn-NE(20>`
z&PPQ0`g9RQD&HL9@MI@ILVc1&(P84wPOc&zk3C7OQ!;jAu|{MU>RFmDdEUmRYa<3$
ziEL_*nhN<NQ*M~84GcyLyp(8I2xFr$eKyL}q#qAO4@QN6_`-ZqsNg*L;Gn;8*J@{}
zkkZ;XxvA7q4HJ!Eu7GeDOM~c!odt~%38giJu_U+y5G^*3Ab3vGcR3EbPHx8CDKcl|
zT_C254P`j#RF1fO=Yt%9-l~gJ6mQ_8>9uzHom#GU-tb2&!8^kgt(1mq|8i*(4A&B}
zC<NUfO~`VOb%?GNQ<#^No_cXc92=t}YsFPzSa=uF>$M<42A>&0N`4TJgPxxHGZ9J0
zc6o?&BUspRW<l;hswzllPJM$u?>$d`q&H!KTt1+<4*vl`MQ%eT63gXK0F^GPrpD`d
z@yxO58asZg92J<+BvjK|?2R5FBO8&#383L3TzQt9_NVbu5BaHjyRO+_9&SJ}sNEA$
zF8)Au%wjX$Shg7#Tvq;I)WL8vkDkFZ7#Dnbvza2J%NTam+O(!EeB2;0Uh<^aBTVNI
zu^yRkrM)@{;5c3LEfV9ZFSAIiKD~d>odUlN3wKL++qmd)CE-)HOAyg{K5=)^JSVf2
zujFH&_I78rri6$Z!Zmhy)=r^ADB@BvnZsplGIN+u_68o7H32QSq00nkI364hGUIMF
zmEC#KqC#2}7^XbC^N<N+Ch@U>hQ;rGfPCVf&8={NW{0_V?DY1In?CUeHK<7kz4-xe
zdV#oNC&dtT_)V_Oq;^yCb)<h{R2KQD__n8&<QY6+mmn$}L6;v+=eqbtGu%!X&Kr2i
zr{>1PcFKM|7Dw;A6MN&K!aG^*=0Pk|0nLlSb)sIrm_+B}6F)!iI0KKNc->);ByYdz
zM)s7<rz6IglfoQ61At<jR>R?ZKCIzLuHe=&aG@S`W8eY(cCmnf*fYxK3~M|C&uJkz
zMTLDLwFM3S*&gu0WiDny$0y32Fn`K~x!ST(Xun3oUZlYLlWcj5cdeA<Z@+Wx_$0uw
zR?*^Y-mH=>EX0#F%8ND5gEfxYHSrttFy*S2)UFY@S;xyy<fsIA&R&ajAeV{g3a&!K
zVsU$Su)h4b`FqhdrYeY+vx6#)se6b(UBm6V>NLO)lkm8dsBDDGG9nimnSjW|L7Twn
zRh1&H+LjpuuGs$4Qf25>+Fn^DG*C~RJU5YnG~s6@Z6#i@Tu-~R8cx<ZAli@TM8|+Z
zB2tTCoO{CRXk?CXIvS-O?Zp=4#*~09vb;`fi_|lvvqb2z=GhaO$I9o5$m2-N5s4>^
z%X0K?UgRB9la$@B{`zyorV`7FD^P?a2LuF&kg1)4AtXXeKnRJ#8VEw7@dkj9Xo)Bl
zL>UwW*-P)MC1ZRM(K><mLI`@_v3gD@PW|8Ohxe%;iBSaOdrIAS6T)UlJ1DJ0KN#*b
zpfT{I8v{Vv=*oI$l#z7i@xa<z?6&cBrflPkTO?}f)WE$kyzmxNSi3bU_udUvAjk#|
zi9;)vJr<ls>FHeEGD6Z=Htc|~I3(hfKn>xd<o7mVe2`)U!E2hb`d&K!XnJjp*Ci)U
zr$h&VF_703!A21jNZl%R^Sv!r?H1963|sZa7~Y8boxcVW<1ugEElGrdhn~7Okn_lT
z7N_nIg5KcVHB$2+pc1v|P72N5X5b1|AGqmwG&*xL^yd%bEe)f$rPiBlK8PY%GOvNM
z(E9NUSr+L~6%LSD!ekpVxTZlGhglMpE+{x965Ork50n1{f%PZyBKWq8al#9~+Q7uq
zrT5W1-g5!A%*|r5Ub<k*S~NrEI9eg|OvcLia-Mx&=QnIWm<;P)m~kg!RyK^=dQpLJ
zbwn74qGTu|7KVvO=b5qpHc55?FAR)wmDX56`?Wy^hd&nj?08%t5BAZXuuAv#gdK?R
zA8B|#Pua4_SsE9Ww;TpGot|#+lN@~T-uI!aKjr|3Vh&-BQRcIYLH0vw9siVM`{o|6
zx02$3Z{Z0nDs<Pj7?`>4NWWUN;$a5JEXjhsC2S=iazVC7D^PN{g_R(Y+JbEHX4Eon
zJh|ETu;P7u@LQ@KA^nZv`Z=E^Ouq-V@B4gqo&rwn%Lw+<eM&S-J>HbF$4m)rJuoVm
z%Tyy*7;KuQFXoGt&M|DfF<v}*U9)hmC@(T9QJV~*LnRunT)C<EPK}$&5~jwGnu~^O
zgH{@Q+!{_{nV9&w#P`fWkEO(;!8pv%3MW&}Se@9y^~u^5Tknjzm1)UzExSPgAfx4F
zx(ix%g8(Dsf)_6n44J`{QrT=`yOqc_IZf)4Ads5$Uw33bZ)c0i0jd~R;cHkbQ&=j|
zZ(M}u5ciN06OhokY}R9I-P%(!`t8lZG5HyW)i7unu!Q#B?&`X<B#_Z_TZs?FdQFLs
zG3<Vlpz0zrNK9Q3hVZg6a$7t<apevbASLk@Wsp|H5FhC#L{wlk6VSaUYFCmeXy(T!
zAuiD-2kW`9Wta>-K4elN8LHNoG>8iy%<ki*CT!)jr)p+1T@z%2P#C4EqI!;n!x^i_
zT25E68hczBk#1Og89_ev0N|E6C8CTQ!>@!zU-e{;?ZW#&R3l3K7c)ccT!Y-9#y3dn
zra$70tpwdk=*O8xSY@dPQs|@tH7!o0=s7hUGhtjf8!Bf*Ot{m{4(oXku{B`2n1chl
zcMwLZQ2^Dq{zjUuJ4C)lXxVj;l9X?`(f5K!vUn;e=wdo=K>CrCQ1Z>@Flts9J;1z_
zyguQK9VGU?GaF~*O=lCB;5*JHoMF;Ka1F2(J~+dSK3J|LHhx&U$oDN8m8DgZiI8+@
z!(ZqJAeKmLo+zg3OUb<`P4bt@$TC4?UEvjHXOgp~deV7$;_1~)y&#u6EZaY`w!CW_
z&D#9hZkoJD^FNy%N_0gRG^<yf+J5FwkSOc>IJbWgyN|+e2p;sNL~vGkp8N^=$X$^%
zbym!cKJrh$PYy-5EBeWZk#h^bu_3i%P5dvuK&rW?t_97`mVL3)T9V7w?B!gjWXa`-
z*R&kmvFeryDqQC>afd5j5n4O&kqK-_w_E%{?~M4sRR>1Vaf*&n5IsT?6sZSG%I^Uc
z5}tUDWji!A6R!<nM5gjJe4k4>WI5r1G5Oz<pqL^bCNdr%%$6Ll23A^;82!^7fYSy_
ztCUxq2<%Dz@*%Q>QHRO)X$>Ok(43Eol!zrn^KJ5>7OI5o5B$N-s3{;uF5?CZV_eBo
zbAKFi-1!(?HmzDbxk5zK;Q1*T7L^)wctT|%AvSI+h3x9@A+iA3^rI=I=r^O!o|>>;
z1>+b5SsxWa+~5BoKj(`x(cIkoWD>-9u0|-ZuJc}F8p__9rMs|OUyQ!fGw*$wdeThA
ztkLW&FZ{Q6hvZfAGnpw#Y)oi_8kVZ$HXYItu@9090L(5Cz)OoPVAb=^G>sS`L~Mx<
zT6m6g3mpyPVGBV>a-|0_oW!+I0AD7bv^XAkoXDMwF|u$-QULujd4`SgYHW;W-uN(+
zVrj6}y7C<QTaN2EKeiOyd6;Y|xa-K_Y;1Rc86T`SxXg*+^;t(B;R>Gd<ee8ni)W!u
zm*%jvVR4p7LI!JtJp+>8k$kF|oyk(Xm+$sXZ%B;M-EGT8JGRAhBmCAB7k8{a5TA`K
z$dMg#ek`w0?$R*P+?11^J5s<)+5cslK^kACY_=GD2IlHM8TLhAB!B$hKPKGO@X~3x
zVn}XlluE=mf1O0^uu!3RFEA214tQGV0J5D71Rha{?tYL1LsJsJzct4)C?UTVhoiH0
z8HF0lo4tE6PWf@uoc+kG`3xX00C6m#m2td*B24@R#x5~R6DZo4#R=wWlH8<yk;lpv
z2x}KCs5})ZSvWm<g}CXmAPXXwBRVH?d811-PL~-go!&AcXa4RgNcDM;RjNyjoayt-
zlk{J7MFn!_cCt}shd#}J`&2iXpC6S+e*QaZ|J!ZLV>KFM$<tT@z2apq?uNlUDd_T5
zS9t6cH#8oIHZZalHS`zUPAhw5^h%mQLTQrwa@a!!N^b(Ugebp#IEy@(&4$k5#(CWX
zPN8xRIR~Xa=tj~>gNPDIqsbn9Ku}xk$}W1ltC4k+ODQ6COZAq}wZ5CFu(8l`Uv5K4
zLm|2U;?G?(fOz*m$lJfrVQS8~YY$3lL85nJp!f=%=uNl5h^@$RTlHKpoaW{m0dKtR
zMoOISJjg}h?h9$#LT*UNG4kw4yfCQxtkQx^$fLU&wOE~+_DYcn?ful^c~)*=ojCt%
zLFd#%MyGi)cXep$gMy_6+D!HG>1n@A`qv<H00Qd|`*OFZm7t|jEl#7Fq=Aoy?%1QC
zPF>xUZa|~ahb4kDhjL+oMyX#~5Nqe2n6({NY+L7)t-L&YHcPeXt|dp|-M%U+wd9~e
zce4IGz&f0El4P0O@5^kT)J2hllG0!-d(uZi`h>rrut{1!u=PJ^-J+xhAJKxjpoGdI
zi?a(qbFyq74xkm|#p`4>=5-WN8WynCS|}FJHN0$0rI?)gRN-WsFK<}854+C0R{b5C
zyxczUT1!Z0+Z{VHJI2=`Q&QX&$waeNYm>{<o>*1}9>cU^oN0W4z?MTh<9RKBfAU*=
zMAk32*{RZa4WIAcy~FP}-+%jB{)W%>yX$Yiee&krTOj%#{&@4`^_#bEuirjNUY{yM
z^5=-xNhZmYzqbzqC>d5d-}`^i&lMV&u70`9QQPXsnv7kd_&D&r%j0|I72mxd`}w{h
zl2!j2X1J?k-(6MZ4X$=q6zA&lcTZov3Pw|JA0((06r)O?2wDZDUnk7<nhEs(a#PkL
z;(Cy5bqT`MWKOO0>)}zPJ;;U~lB|}u^$}0dAc8Jm30BVU>fjW%`k1{!z%>!`)e*Cm
zGq@()_E_fqzT6J$G&!4ypv+fm^&$b8uLX(aZkrrLtQGtD%Ajn}fO;GTH#$+7GPVv9
z?J<z!Y{d>p;Z~n-fN0IRk-)9ku9WKk{J*RJ`#UPXuZ7+1i|SQ-?DwzM!|hK7EUjg)
zP>1Z-nT8bHjNT5iK5*UKHP!J@%%~8up=#@DWwX`-q>hO7a4BMwmHBEpEpJrmb@ken
zQdoJ|2^oBS{4wjyqR+nP$$v*Q5ip~GQZE`fEVU;>o-GFI37lOO1J`%XK`yxXm#4v4
z)Skt2I^wVyXgS<i$`!C+*e*o*NP`<if{gbS)B1+LNsD&HuIz{If#J=A6KEhPt_75@
z1Eln+Rj>f+iZ;nFmqmRSJ|8s7kkUW}U61&ezx(B~YIfnxiyjXl!051r-pS#}G1*4+
zel2LUfX4Q6HzFRTsM6T39)x+l2y{f9%ry(U?1)E~v8%pL+kW4O31nd{O!29oNU;q6
z?BD*^fBfs_r+@#`6^;WU^`Pgy+}&7^6RlB`dFe$bcm0LagT?Ft9)Ial{x-?JDi0)-
z<CiY%mra(+!#x`}AV7sC=$<%Y2cB=@=+~V#r?|_eP6x2sdDqYPiSgC$c!KPo2tOT~
zL&?R!AAYEty7<E%jFfAR1Q-6PI<RF;I9URx>Tu5K_jJ|ug^IIoM@K8kIx{RHtt2iH
zOcHPLN;^TdPNCNXrKsJpUWlq5;!zjFrYm=49SLYGxNx<=&4Ab}8W(D|9k@(?*R+tC
zrj8KIlW4mf+pP31)_KkFE33ZtMAp)Pc?zp5!W{Sn`mhGQnp#|!yawoJK^MoVXIrIp
zT~zZi$5}@o*z!aXhdZg&W;Ye<;~@1R0*I6B%>WxKa+<#dwMYPG7)UKp^UTS%d<jFx
zjMd+XryEZA-}^)KpjU6yGu6f~mu;Cxnd+UD`^zOBwE?_-9lTdrRbt45H9No+-MWeH
zpv)0dmofV8Zb7ft$G8z~zI*`%mTd45BRjj*fOhk6CezJm$e)9PTPC9n76vr+m_?}H
u+FA1J=j-R|=j-R|=j-R|=j-R|=j-R|=j-R|=j-Pm^z+|K2$d%QXaNA*Th<!@

diff --git a/dist b/dist
index 0ee7539..9c0e36e 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8_6
+an8
diff --git a/download b/download
index 488edc2..2d64500 100644
--- a/download
+++ b/download
@@ -1,2 +1,2 @@
-5cfc2380c195ed2806f6a5bf62f91195  selinux-policy-31a9744.tar.gz
-f36da01e65efec274d72c5467c22119a  selinux-policy-contrib-f659db9.tar.gz
+77a7214de69b0740599b63750c634857  selinux-policy-76d3f46.tar.gz
+0a174c1c07ff635153825a43de1071b0  selinux-policy-contrib-f71a764.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d2f7377..8f5bb4e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,12 +1,11 @@
-%define anolis_release .0.1
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 31a9744d4abf9817c82d29dd791b0439bd632852
+%global commit0 76d3f46c6576aa301aef3702c1c30739f506691f
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 f659db9cce300873aabec1a11fcc39d69e043267
+%global commit1 f71a76424ebaf8e8af3896bc758cfe10b9102892
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -30,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 95%{anolis_release}%{?dist}.4
+Release: 108%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -149,7 +148,7 @@ SELinux policy development and man page package
 %{_usr}/share/selinux/devel/Makefile
 %{_usr}/share/selinux/devel/example.*
 %{_usr}/share/selinux/devel/policy.*
-%ghost %{_sharedstatedir}/sepolgen/interface_info
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/sepolgen/interface_info
 
 %post devel
 selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null 
@@ -459,7 +458,7 @@ echo "
 #     enforcing - SELinux security policy is enforced.
 #     permissive - SELinux prints warnings instead of enforcing.
 #     disabled - No SELinux policy is loaded.
-SELINUX=disabled
+SELINUX=enforcing
 # SELINUXTYPE= can take one of these three values:
 #     targeted - Targeted processes are protected,
 #     minimum - Modification of targeted policy. Only selected processes are protected. 
@@ -718,96 +717,251 @@ exit 0
 %endif
 
 %changelog
-* Thu Aug 25 2022 Weitao Zhou <zhouwt@linux.alibaba.com> - 3.14.3-95.0.1.4
-- Disable selinux by default
-- cherry-pick [bfc16aa]
-
-* Mon Aug 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.4
-- rebuild
-Resolves: rhbz#2103606
-
-* Thu Aug 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.3
+* Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
+- Allow unconfined_service_t insights client content filetrans
+Resolves: rhbz#2119507
+- Allow nsswitch_domain to connect to systemd-machined using a unix socket
+Resolves: rhbz#2119507
+- Add init_status_all_script_files() interface
+Resolves: rhbz#2119507
+- Add dev_dontaudit_write_raw_memory() and dev_read_vsock() interfaces
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 5
+Resolves: rhbz#2119507
+- Confine insights-client systemd unit
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 4
+Resolves: rhbz#2119507
+- Change rhsmcertd_t to insights_client_t in insights-client policy
+Resolves: rhbz#2119507
+- Allow insights-client send signull to unconfined_service_t
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 3
+Resolves: rhbz#2119507
+- Allow journalctl read init state
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution 2
+Resolves: rhbz#2119507
+
+* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
+- Label 319/udp port with ptp_event_port_t
+Resolves: rhbz#2118628
+- Allow unconfined and sysadm users transition for /root/.gnupg
+Resolves: rhbz#2119507
+- Add the kernel_read_proc_files() interface
+Resolves: rhbz#2119507
+- Add userdom_view_all_users_keys() interface
+Resolves: rhbz#2119507
+- Allow system_cronjob_t domtrans to rpm_script_t
+Resolves: rhbz#2118362
+- Allow smbd_t process noatsecure permission for winbind_rpcd_t
+Resolves: rhbz#2117199
+- Allow chronyd bind UDP sockets to ptp_event ports
+Resolves: rhbz#2118628
+- Allow samba-bgqd to read a printer list
+Resolves: rhbz#2118958
+- Add gpg_filetrans_admin_home_content() interface
+Resolves: rhbz#2119507
+- Update insights-client policy for additional commands execution
+Resolves: rhbz#2119507
+- Allow gpg read and write generic pty type
+Resolves: rhbz#2119507
+- Allow chronyc read and write generic pty type
+Resolves: rhbz#2119507
+- Disable rpm verification on interface_info
+Resolves: rhbz#2119472
+
+* Wed Aug 10 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-106
+- Allow networkmanager to signal unconfined process
+Resolves: rhbz#1918148
+- Allow sa-update to get init status and start systemd files
+Resolves: rhbz#2011239
+- Allow samba-bgqd get a printer list
+Resolves: rhbz#2114737
 - Allow insights-client rpm named file transitions
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Add /var/tmp/insights-archive to insights_client_filetrans_named_content
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Use insights_client_filetrans_named_content
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Make default file context match with named transitions
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Allow rhsmcertd to read insights config files
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
 - Label /etc/insights-client/machine-id
-Resolves: rhbz#2103606
+Resolves: rhbz#2104913
+
+* Fri Jul 29 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-105
+- Do not call systemd_userdbd_stream_connect() for winbind-rpcd
+Resolves: rhbz#2108383
+- Update winbind_rpcd_t
+Resolves: rhbz#2108383
+- Allow irqbalance file transition for pid sock_files and directories
+Resolves: rhbz#2111916
+- Update irqbalance runtime directory file context
+Resolves: rhbz#2111916
+
+* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-104
+- Update samba-dcerpcd policy for kerberos usage 2
+Resolves: rhbz#2096825
+
+* Mon Jun 27 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-103
+- Allow domain read usermodehelper state information
+Resolves: rhbz#2083504
+- Remove all kernel_read_usermodehelper_state() interface calls
+Resolves: rhbz#2083504
+- Allow samba-dcerpcd work with sssd
+Resolves: rhbz#2096825
+- Allow winbind_rpcd_t connect to self over a unix_stream_socket
+Resolves: rhbz#2096825
+- Update samba-dcerpcd policy for kerberos usage
+Resolves: rhbz#2096825
+- Allow keepalived read the contents of the sysfs filesystem
+Resolves: rhbz#2098189
+- Update policy for samba-dcerpcd
+Resolves: rhbz#2083504
+- Remove all kernel_read_usermodehelper_state() interface calls 2/2
+Resolves: rhbz#2083504
+- Update insights_client_filetrans_named_content()
+Resolves: rhbz#2091117
 
-* Tue Jul 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.2
-- Add the init_status_config_transient_files() interface
-Resolves: rhbz#2103606
+* Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-102
 - Allow transition to insights_client named content
-Resolves: rhbz#2103606
-- Allow init_t to rw insights_client unnamed pipe
-Resolves: rhbz#2103606
-- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
-Resolves: rhbz#2103606
-- Add the gpg_manage_admin_home_content() interface
-Resolves: rhbz#2103606
-- Update insights_client_filetrans_named_content()
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Add the insights_client_filetrans_named_content() interface
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Update policy for insights-client to run additional commands 3
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
+
+* Fri Jun 17 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-101
+- Add the init_status_config_transient_files() interface
+Resolves: rhbz#2091117
+- Allow init_t to rw insights_client unnamed pipe
+Resolves: rhbz#2091117
+- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
+Resolves: rhbz#2091117
 - Allow insights-client get status of the systemd transient scripts
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Allow insights-client execute its private memfd: objects
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Update policy for insights-client to run additional commands 2
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Do not call systemd_userdbd_stream_connect() for insights-client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Use insights_client_tmp_t instead of insights_client_var_tmp_t
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Change space indentation to tab in insights-client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Use socket permissions sets in insights-client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Update policy for insights-client to run additional commands
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Change rpm_setattr_db_files() to use a pattern
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Add rpm setattr db files macro
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Fix insights client
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
 - Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
-Resolves: rhbz#2103606
+Resolves: rhbz#2091117
+
+* Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-100
+- Update logging_create_generic_logs() to use create_files_pattern()
+Resolves: rhbz#2081907
+- Add the auth_read_passwd_file() interface
+Resolves: rhbz#2083504
+- Allow auditd_t noatsecure for a transition to audisp_remote_t
+Resolves: rhbz#2081907
+- Add support for samba-dcerpcd
+Resolves: rhbz#2083504
+- Allow rhsmcertd create generic log files
+Resolves: rhbz#1852086
+- Allow ctdbd nlmsg_read on netlink_tcpdiag_socket
+Resolves: rhbz#2090800
+
+* Mon May 23 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-99
+- Allow ifconfig_t domain to manage vmware logs
+Resolves: rhbz#1721943
 - Allow insights-client manage gpg admin home content
-Resolves: rhbz#2103606
+Resolves: rhbz#2060834
+- Add the gpg_manage_admin_home_content() interface
+Resolves: rhbz#2060834
 - Label /var/cache/insights with insights_client_cache_t
-Resolves: rhbz#2103606
+Resolves: rhbz#2063195
 - Allow insights-client search gconf homedir
-Resolves: rhbz#2103606
+Resolves: rhbz#2087069
 - Allow insights-client create and use unix_dgram_socket
-Resolves: rhbz#2103606
+Resolves: rhbz#2087069
+- Label more vdsm utils with virtd_exec_t
+Resolves: rhbz#2063871
+- Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t
+Resolves: rhbz#2063871
+- Allow sblim-gatherd the kill capability
+Resolves: rhbz#2082677
+- Allow privoxy execmem
+Resolves: rhbz#2083940
+
+* Wed May 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-98
+- Allow sysadm user execute init scripts with a transition
+Resolves: rhbz#2039662
+- Change invalid type redisd_t to redis_t in redis_stream_connect()
+Resolves: rhbz#1897517
+- Allow php-fpm write access to /var/run/redis/redis.sock
+Resolves: rhbz#1897517
+- Allow sssd read systemd-resolved runtime directory
+Resolves: rhbz#2060721
+- Allow postfix stream connect to cyrus through runtime socket
+Resolves: rhbz#2066005
 - Allow insights-client create_socket_perms for tcp/udp sockets
-Resolves: rhbz#2103606
+Resolves: rhbz#2073395
 - Allow insights-client read rhnsd config files
-Resolves: rhbz#2103606
+Resolves: rhbz#2073395
+- Allow sblim-sfcbd connect to sblim-reposd stream
+Resolves: rhbz#2075810
+- Allow rngd drop privileges via setuid/setgid/setcap
+Resolves: rhbz#2076641
+- Allow rngd_t domain to use nsswitch
+Resolves: rhbz#2076641
+
+* Fri Apr 22 2022 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-97
+- Create macro corenet_icmp_bind_generic_node()
+Resolves: rhbz#2070870
+- Allow traceroute_t and ping_t to bind generic nodes.
+Resolves: rhbz#2070870
+- Allow administrative users the bpf capability
+Resolves: rhbz#2070983
 - Allow insights-client search rhnsd configuration directory
-Resolves: rhbz#2103606
-
-* Thu Jun 09 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.1
-- Label more vdsm utils with virtd_exec_t
-Resolves: rhbz#2095184
+Resolves: rhbz#2073395
+- Allow ntlm_auth read the network state information
+Resolves: rhbz#2073349
+- Allow keepalived setsched and sys_nice
+Resolves: rhbz#2008033
+- Revert "Allow administrative users the bpf capability"
+Resolves: rhbz#2070983
+
+
+* Thu Apr 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-96
+- Add interface rpc_manage_exports
+Resolves: rhbz#2062183
+- Allow sshd read filesystem sysctl files
+Resolves: rhbz#2061403
+- Update targetd nfs & lvm
+Resolves: rhbz#2062183
+- Allow dhcpd_t domain to read network sysctls.
+Resolves: rhbz#2059509
+- Allow chronyd talk with unconfined user over unix domain dgram socket
+Resolves: rhbz#2065313
+- Allow fenced read kerberos key tables
+Resolves: rhbz#1964839
 
 * Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95
 - Allow hostapd talk with unconfined user over unix domain dgram socket
-Resolves: rhbz#2064284
+Resolves: rhbz#2068007
 
 * Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94
 - Allow chronyd send a message to sosreport over datagram socket
 - Allow systemd-logind dbus chat with sosreport
-Resolves: rhbz#1949493
+Resolves: rhbz#2062607
 
 * Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
 - Allow systemd-networkd dbus chat with sosreport
-- 
Gitee


From cc92a5b5c9a0acd725b162feda342462a7b7a825 Mon Sep 17 00:00:00 2001
From: songmingliang <songmingliang@uniontech.com>
Date: Tue, 17 May 2022 22:23:03 +0800
Subject: [PATCH 2/2] spec: disable selinux by default

---
 selinux-policy.spec | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8f5bb4e..4bf1e8a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
 %global commit0 76d3f46c6576aa301aef3702c1c30739f506691f
@@ -29,7 +30,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 108%{?dist}
+Release: 108%{anolis_release}%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -458,7 +459,7 @@ echo "
 #     enforcing - SELinux security policy is enforced.
 #     permissive - SELinux prints warnings instead of enforcing.
 #     disabled - No SELinux policy is loaded.
-SELINUX=enforcing
+SELINUX=disabled
 # SELINUXTYPE= can take one of these three values:
 #     targeted - Targeted processes are protected,
 #     minimum - Modification of targeted policy. Only selected processes are protected. 
@@ -717,6 +718,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Dec 27 2022 Weitao Zhou <zhouwt@linux.alibaba.com> - 3.14.3-108.0.1
+- Disable selinux by default
+
 * Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
 - Allow unconfined_service_t insights client content filetrans
 Resolves: rhbz#2119507
-- 
Gitee