Update Changelog and VERSION for release 2.20220106.

Signed-off-by: Chris PeBenito <[email protected]>

Changelog

@@ -1,3 +1,171 @@
+* Thu Jan 06 2022 Chris PeBenito <[email protected]> - 2.20220106
+Björn Esser (1):
+      authlogin: add fcontext for tcb
+
+Chris PeBenito (72):
+         0xC0ncord/bugfix/systemd-user-exec-apps-hookup
+      systemd, ssh, ntp: Read fips_enabled crypto sysctl.
+      systemd: Unit generator fixes.
+      systemd: Revise tmpfiles factory to allow writing all configs.
+      systemd: User runtime reads user cgroup files.
+      logging: Add audit_control for journald.
+      udev: Manage EFI variables.
+      ntp: Handle symlink to drift directory.
+      logging: Allow auditd to stat() dispatcher executables.
+      Drop module versioning.
+      tests.yml: Disable policy_module() selint checks.
+
+Christian Goettsche (1):
+      check_fc_files: allow optional @ character
+
+Christian Göttsche (2):
+      filesystem: add fs_use_trans for ramfs
+      Ignore umask on when installing headers
+
+Dave Sugar (4):
+      Allow iscsid to request kernel module load
+      Allow iscsid to check fips_enabled
+      sshd: allow to run /usr/bin/fipscheck (to check fips state)
+      systemd: resolve error with systemd-sysctl
+
+Fabrice Fontaine (2):
+      policy/modules/services/samba.te: make crack optional
+      policy/modules/services/wireguard.te: make iptables optional
+
+Gao Xiang (1):
+      Add erofs as a SELinux capable file system
+
+Jonathan Davies (7):
+      chronyd.te: Added chronyd_hwtimestamp boolean for chronyd_t to access
+         net_admin capability, this is required for its `hwtimestamp` option,
+         which otherwise returns:
+      virt.te: Fixed typo in virtlogd_t virt_common_runtime_t
+         manage_files_pattern.
+      obfs4proxy: Added policy.
+      tor: Added interfaces and types for obfs4proxy support.
+      corenetwork.te.in: Added ntske port.
+      chronyd.te: Added support for bind/connect/recv/send NTS packets.
+      chronyd: Allow access to read certs.
+
+Kenton Groombridge (83):
+      userdomain: add user exec domain attribute and interface
+      systemd: assign user exec attribute to systemd --user instances
+      systemd: add interface to support monitoring and output capturing of child
+         processes
+      wm: add user exec domain attribute to wm domains
+      ssh: add interface to execute and transition to ssh client
+      userdomain: add interface to allow mapping all user home content
+      git, roles: add policy for git client
+      apache, roles: use user exec domain attribute
+      screen, roles: use user exec domain attribute
+      git, roles: use user exec domain attribute
+      postgresql, roles: use user exec domain attribute
+      ssh, roles: use user exec domain attribute
+      sudo, roles: use user exec domain attribute
+      syncthing, roles: use user exec domain attribute
+      xscreensaver, roles: use user exec domain attribute
+      xserver, roles, various: use user exec domain attribute
+      authlogin, roles: use user exec domain attribute
+      bluetooth, roles: use user exec domain attribute
+      cdrecord, roles: use user exec domain attribute
+      chromium, roles: use user exec domain attribute
+      cron, roles: use user exec domain attribute
+      dirmngr, roles: use user exec domain attribute
+      evolution, roles: use user exec domain attribute
+      games, roles: use user exec domain attribute
+      gnome, roles: use user exec domain attribute
+      gpg, roles: use user exec domain attribute
+      irc, roles: use user exec domain attribute
+      java, roles: use user exec domain attribute
+      libmtp, roles: use user exec domain attribute
+      lpd, roles: use user exec domain attribute
+      mozilla, roles: use user exec domain attribute
+      mplayer, roles: use user exec domain attribute
+      mta, roles: use user exec domain attribute
+      openoffice, roles: use user exec domain attribute
+      pulseaudio, roles: use user exec domain attribute
+      pyzor, roles: use user exec domain attribute
+      razor, roles: use user exec domain attribute
+      rssh, roles: use user exec domain attribute
+      spamassassin, roles: use user exec domain attribute
+      su, roles: use user exec domain attribute
+      telepathy, roles: use user exec domain attribute
+      thunderbird, roles: use user exec domain attribute
+      tvtime, roles: use user exec domain attribute
+      uml, roles: use user exec domain attribute
+      userhelper, roles: use user exec domain attribute
+      vmware, roles: use user exec domain attribute
+      wireshark, roles: use user exec domain attribute
+      wm, roles: use user exec domain attribute
+      hadoop, roles: use user exec domain attribute
+      shutdown, roles: use user exec domain attribute
+      cryfs, roles: use user exec domain attribute
+      wine: use user exec domain attribute
+      mono: use user exec domain attribute
+      sudo: add tunable to control user exec domain access
+      su: add tunable to control user exec domain access
+      shutdown: add tunable to control user exec domain access
+      mpd, pulseaudio: split domtrans and client access
+      mcs: deprecate mcs overrides
+      mcs: restrict create, relabelto on mcs files
+      fs: add pseudofs attribute and interfaces
+      devices: make usbfs pseudofs instead of noxattrfs
+      git: fix typo in git hook exec access
+      dovecot, spamassassin: allow dovecot to execute spamc
+      mta, spamassassin: fixes for rspamd
+      certbot, various: allow various services to read certbot certs
+      usbguard, sysadm: misc fixes
+      ssh: fix for polyinstantiation
+      sysadm, systemd: fixes for systemd-networkd
+      asterisk: allow reading generic certs
+      bind: fixes for unbound
+      netutils: fix ping
+      policykit, systemd: allow policykit to watch systemd logins and sessions
+      spamassassin: fix file contexts for rspamd symlinks
+      mcs: add additional constraints to databases
+      mcs: constrain misc IPC objects
+      mcs: combine single-level object creation constraints
+      various: deprecate mcs override interfaces
+      corenet: make netlabel_peer_t mcs constrained
+      mcs: constrain context contain access
+      mcs: only constrain mcs_constrained_type for db accesses
+      guest, xguest: remove apache role access
+      wine: fix roleattribute statement
+      testing: accept '@' as a valid ending character in filecon checker
+
+Pedro (1):
+      File context for nginx cache files
+
+Vit Mojzis (1):
+      Improve error message on duplicate definition of interface
+
+Yi Zhao (24):
+      rpc: remove obsolete comment line
+      secadm: allow secadm to read selinux policy
+      rpcbind: allow sysadm to run rpcinfo
+      samba: allow smbd_t to send and receive messages from avahi over dbus
+      rpc: add dac_read_search capability for rpcd_t
+      bluetooth: fixes for bluetoothd
+      avahi: allow avahi_t to watch /etc/avahi directory
+      udev: allow udev_t to watch udev_rules_t dir
+      rpc: allow rpc.mountd to list/watch NFS server directory
+      usermanage: do not audit attempts to getattr of proc for passwd_t and
+         useradd_t
+      selinuxutil: allow setfiles_t to read kernel sysctl
+      rngd: fixes for rngd
+      dbus: allow dbus-daemon to map SELinux status page
+      bind: fixes for bind
+      passwd: allow passwd to map SELinux status page
+      ipsec: fixes for strongswan
+      samba: fixes for smbd/nmbd
+      ntp: allow ntpd to set rlimit_memlock
+      ssh: do not audit attempts by ssh-keygen to read proc
+      acpid: allow acpid to watch the directories in /dev
+      bluetooth: allow bluetoothd to create alg_socket
+      systemd: allow systemd-hostnamed to read udev runtime files
+      su: allow su to map SELinux status page
+      modutils: allow kmod_t to write keys
+
 * Wed Sep 08 2021 Chris PeBenito <[email protected]> - 2.20210908
 Andreas Freimuth (2):
       Prefer user_fonts_config_t over xdg_config_t

VERSION

@@ -1 +1 @@
-2.20210908
+2.20220106