67e8194 * Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-28

Authored and Committed by lvrabec 5 years ago
    * Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-28
    - Allow mailman_mail_t domain to search for apache configs
    - Allow mailman_cgi_t domain to ioctl an httpd with unix domain stream sockets.
    - Improve procmail_domtrans() to allow mmapping procmail_exec_t
    - Allow ptrace arbitrary processes
    - Allow jabberd_router_t domain read kerberos keytabs BZ(1573945)
    - Allow certmonger to getattr of filesystems BZ(1578755)
    - Allow hypervvssd_t domain to read fixed disk devices
    - Allow several domains to manage ecryptfs_t filesystem
    - Allow userdom_use_user_ttys for loadkeys_t domain
    - Add dac_override capability to cachefiles_kernel_t domain
    - Allow blueman to execute ldconfig BZ(1577581)
    - Allow gpg_pinentry_t domain to read state of gpg_t processes
    - Allow xdm_t domain to mmap xserver_misc_device_t files
    - Allow xdm_t domain to execute systemd-coredump binary
    - Add bridge_socket, dccp_socket, ib_socket and mpls_socket to socket_class_set
    - Improve modutils_domtrans_insmod() interface to mmap insmod_exec_t binaries
    - Improve iptables_domtrans() interface to allow mmapping iptables_exec_t binary
    - Improve auth_domtrans_login_program interface to allow also mmap login_exec_t binaries
    - Improve auth_domtrans_chk_passwd() interface to allow also mmapping chkpwd_exec_t binaries.
    - Allow mmap dhcpc_exec_t binaries in sysnet_domtrans_dhcpc interface
    - Improve running xorg with proper SELinux domain even if systemd security feature NoNewPrivileges is used
    - Associate sysctl_vm_overcommit_t with fs_t
    - Allow systemd creating bluetooth sockets
    - Allow ssh client to read network sysctl BZ(1574170)
    - Allow systemd_resolved_t and systemd_networkd_t to read dbus pid files
    
        
file modified
+2 -0
file modified
+30 -3
file modified
+3 -3