From 1bf3f8ba3ba4bd591fa6130887dcf1d728d2f58f Mon Sep 17 00:00:00 2001
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Date: Thu, 18 Jul 2024 15:36:07 -0400
Subject: [PATCH] selinux-policy: Change unconfined to a separate module.
 (#9879)

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
---
 SPECS/selinux-policy/modules_targeted.conf          | 2 +-
 SPECS/selinux-policy/selinux-policy.signatures.json | 2 +-
 SPECS/selinux-policy/selinux-policy.spec            | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/SPECS/selinux-policy/modules_targeted.conf b/SPECS/selinux-policy/modules_targeted.conf
index d6dd368c8f5..1479998879a 100644
--- a/SPECS/selinux-policy/modules_targeted.conf
+++ b/SPECS/selinux-policy/modules_targeted.conf
@@ -49,7 +49,7 @@ selinuxutil = base
 sysnetwork = base
 systemd = base
 udev = base
-unconfined = base
+unconfined = module
 userdomain = base
 # required by systemd:
 xdg = base
\ No newline at end of file
diff --git a/SPECS/selinux-policy/selinux-policy.signatures.json b/SPECS/selinux-policy/selinux-policy.signatures.json
index 62a8937de90..dfd4add4bc6 100644
--- a/SPECS/selinux-policy/selinux-policy.signatures.json
+++ b/SPECS/selinux-policy/selinux-policy.signatures.json
@@ -3,7 +3,7 @@
   "Makefile.devel": "cd065e896d7eb11e238a05b9102359ea370ec75b27785a81935c985899ed2df6",
   "booleans_targeted.conf": "009f880c7179a007569dfdbf40ef64ae41671ad33cc2717eebbdaeb8ab431d12",
   "macros.selinux-policy": "027f5d27441a7262365c26076dc3b7ab1f1ac62026ae94514020e0607e53a73a",
-  "modules_targeted.conf": "0a3444baa54aef35220e9954d1175da091155f240bf989caa7dfb9ef64302a76",
+  "modules_targeted.conf": "b8fdff7cf2280bf71fa5841e9d3e5a8add4b30cdcbd21bc4fb2340d53b3bc23f",
   "refpolicy-2.20240226.tar.bz2": "7ed41f4f45189b9ee9706da8ac357eccc103651b56daabaddb54c436e8117cf9"
  }
 }
diff --git a/SPECS/selinux-policy/selinux-policy.spec b/SPECS/selinux-policy/selinux-policy.spec
index a42cdd653cd..4f202ba7c76 100644
--- a/SPECS/selinux-policy/selinux-policy.spec
+++ b/SPECS/selinux-policy/selinux-policy.spec
@@ -9,7 +9,7 @@
 Summary:        SELinux policy
 Name:           selinux-policy
 Version:        %{refpolicy_major}.%{refpolicy_minor}
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -335,6 +335,9 @@ exit 0
 selinuxenabled && semodule -nB
 exit 0
 %changelog
+* Tue Jul 16 2024 Chris PeBenito <chpebeni@microsoft.com> - 2.20240226-5
+- Change unconfined to a separate module so it can be disabled.
+
 * Mon Jul 01 2024 Chris PeBenito <chpebeni@microsoft.com> - 2.20240226-4
 - Add cloud-init and kmod fixes.