From 465fbb5a8377968e09132e952b8332eb6a36fee2 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Apr 16 2018 09:25:58 +0000 Subject: * Mon Apr 16 2018 Lukas Vrabec - 3.14.1-21 - Allow certwatch to manage cert files BZ(1561418) - Allow abrt_dump_oops_t domain to mmap all non security files BZ(1565748) - Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files - Allow NetworkManager_ssh_t domain use generic ptys. BZ(1565851) - Allow pppd_t domain read/write l2tpd pppox sockets BZ(1566096) - Allow xguest user use bluetooth sockets if xguest_use_bluetooth boolean is turned on. - Allow pppd_t domain creating pppox sockets BZ(1566271) - Allow abrt to map var_lib_t files - Allow chronyc to read system state BZ(1565217) - Allow keepalived_t domain to chat with systemd via dbus - Allow git to mmap git_(sys|user)_content_t files BZ(1518027) - removed boinc dev_getattr_*_dev - Allow iptables_t domain to create dirs in etc_t with system_conf_t labels - Allow x userdomain to mmap xserver_tmpfs_t files - Allow sysadm_t to mount tracefs_t - Allow unconfined user all perms under bpf class BZ(1565738) - Allow SELinux users (except guest and xguest) to using bluetooth sockets - Add new interface files_map_var_lib_files() - Allow user_t and staff_t domains create netlink tcpdiag sockets - Allow systemd-networkd to read sysctl_t files - Allow systemd_networkd_t to read/write tun tap devices - refpolicy: Update for kernel sctp support --- diff --git a/.gitignore b/.gitignore index d3c2153..f02fd7a 100644 --- a/.gitignore +++ b/.gitignore @@ -270,3 +270,5 @@ serefpolicy* /selinux-policy-contrib-1255203.tar.gz /selinux-policy-b8ba12a.tar.gz /selinux-policy-contrib-5ee31e8.tar.gz +/selinux-policy-31ddb33.tar.gz +/selinux-policy-contrib-a5ef4ca.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 27395fe..e5d74f8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
@@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 b8ba12a5d68de91be7f86827a56ad1de08c00ac6 +%global commit0 31ddb33465648c6d7873c02f6a853d90d11d825c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 5ee31e84b34ae6a57ac51f558f9e2f4cdb9cf9b3 +%global commit1 a5ef4ca438655d634177187c7626591cd4282d16 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 20%{?dist} +Release: 21%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz 
@@ -717,6 +717,30 @@ exit 0 %endif %changelog +* Mon Apr 16 2018 Lukas Vrabec - 3.14.1-21 +- Allow certwatch to manage cert files BZ(1561418) +- Allow abrt_dump_oops_t domain to mmap all non security files BZ(1565748) +- Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files +- Allow NetworkManager_ssh_t domain use generic ptys. BZ(1565851) +- Allow pppd_t domain read/write l2tpd pppox sockets BZ(1566096) +- Allow xguest user use bluetooth sockets if xguest_use_bluetooth boolean is turned on. +- Allow pppd_t domain creating pppox sockets BZ(1566271) +- Allow abrt to map var_lib_t files +- Allow chronyc to read system state BZ(1565217) +- Allow keepalived_t domain to chat with systemd via dbus +- Allow git to mmap git_(sys|user)_content_t files BZ(1518027) +- removed boinc dev_getattr_*_dev +- Allow iptables_t domain to create dirs in etc_t with system_conf_t labels +- Allow x userdomain to mmap xserver_tmpfs_t files +- Allow sysadm_t to mount tracefs_t +- Allow unconfined user all perms under bpf class BZ(1565738) +- Allow SELinux users (except guest and xguest) to using bluetooth sockets +- Add new interface files_map_var_lib_files() +- Allow user_t and staff_t domains create netlink tcpdiag sockets +- Allow systemd-networkd to read sysctl_t files +- Allow systemd_networkd_t to read/write tun tap devices +- refpolicy: Update for kernel sctp support + * Sat Apr 07 2018 Lukas Vrabec - 3.14.1-20 - Add new boolean redis_enable_notify() - Label /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t diff --git a/sources b/sources index 5f5a5b4..ac7f5dc 100644 --- a/sources +++ b/sources 
@@ -1,3 +1,3 @@ -SHA512 (selinux-policy-b8ba12a.tar.gz) = 73ba405607352fb68fcea77c8e8139cc537d19734533df37facb39d95c80f90e46b5da6cd486b9ce1442f7f37e62ebd4d3af48ad1147434be1714b572614a501 -SHA512 (selinux-policy-contrib-5ee31e8.tar.gz) = 54c9638f6c4ef29320d28e3429458dbf1ffde92b65ad51e937f59d0a6e0940fbde87bdaba321eb5f43c85cb3d0ed3229660f0c7742dc4e95648976ea7fdee464 -SHA512 (container-selinux.tgz) = 9d35efc77e6a14dc1f2a434203e72996c12f5eeb8fb48c5ef95813b4fdee1a31018199a0803c1de8b06253d9cf3848cf7195d21defadfd95c1510955987991e8 +SHA512 (selinux-policy-31ddb33.tar.gz) = 9b430dcd9c15c89b525f9a1d843c9a3f5a876735a9ccca2d2029c69e91391083e793fe4a59186d33223fa1c32c0ba84b2d0f8c08597885c477ea2903a8128f99 +SHA512 (selinux-policy-contrib-a5ef4ca.tar.gz) = d625756eedf3916dab62d49120a36f52ff46671054328f23f0c71b5a1cad565c8b91b42fa180d312b4b1b0fbcc64155f9f46146edfa0b8791717588be83feb92 +SHA512 (container-selinux.tgz) = 4150b92995ab0fe0f62f1c2078b25b4c1ca194d49ab212dcc4ecab311edc5a3de31938f31cbc246da95bf898c7fa6bc4b4a839769ae806a28cf5e662b956b897
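Review bot: In the %changelog hunk of selinux-policy.spec, the entry "- Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files" runs two separate rules together on one line; split it into two "- " entries so each grant can be traced on its own. The entry "Allow SELinux users (except guest and xguest) to using bluetooth sockets" should read "to use". The broader grants in the same list ("all perms under bpf class", "mmap all non security files") name only the class or file set, so naming the interface or permission set behind each would make the widened access easier to audit from the changelog alone.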
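Review bot: In the sources hunk, the SHA512 for container-selinux.tgz changes while the file name stays the same, and neither the changelog entries nor the commit0/commit1 bumps mention a container-selinux update. Please state in the changelog which container-selinux revision this tarball now corresponds to, or give it a versioned name as the two selinux-policy tarballs have, so the new digest can be checked against a known upstream state.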