* Mon Feb 26 2024 Zdenek Pytela <zpytela@redhat.com> - 40.14-1
    - Allow userdomain get attributes of files on an nsfs filesystem
    - Allow opafm create NFS files and directories
    - Allow virtqemud create and unlink files in /etc/libvirt/
    - Allow virtqemud domain transition on swtpm execution
    - Add the swtpm.if interface file for interactions with other domains
    - Allow samba to have dac_override capability
    - systemd: allow sys_admin capability for systemd_notify_t
    - systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
    - Allow thumb_t to watch and watch_reads mount_var_run_t
    - Allow krb5kdc_t map krb5kdc_principal_t files
    - Allow unprivileged confined user dbus chat with setroubleshoot
    - Allow login_userdomain map files in /var
    - Allow wireguard work with firewall-cmd
    - Differentiate between staff and sysadm when executing crontab with sudo
    - Add crontab_admin_domtrans interface
    - Allow abrt_t nnp domain transition to abrt_handle_event_t
    - Allow xdm_t to watch and watch_reads mount_var_run_t
    - Dontaudit subscription manager setfscreate and read file contexts
    - Don't audit crontab_domain write attempts to user home
    - Transition from sudodomains to crontab_t when executing crontab_exec_t
    - Add crontab_domtrans interface
    - Fix label of pseudoterminals created from sudodomain
    - Allow utempter_t use ptmx
    - Dontaudit rpmdb attempts to connect to sssd over a unix stream socket
    - Allow admin user read/write on fixed_disk_device_t