* Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-28
- Allow mailman_mail_t domain to search for apache configs
- Allow mailman_cgi_t domain to ioctl an httpd with a unix domain stream sockets.
- Improve procmail_domtrans() to allow mmaping procmail_exec_t
- Allow ptrace arbitrary processes
- Allow jabberd_router_t domain read kerberos keytabs BZ(1573945)
- Allow certmonger to geattr of filesystems BZ(1578755)
- Allow hypervvssd_t domain to read fixed disk devices
- Allow several domains to manage ecryptfs_t filesystem
- Allow userdom_use_user_ttys for loadkeys_t domain
- Add dac_override capability to cachefiles_kernel_t domain
- Allow blueman to execute ldconfig BZ(1577581)
- Allow gpg_pinentry_t domain to read state of gpg_t processes
- Allow xdm_t domain to mmap xserver_misc_device_t files
- Allow xdm_t domain to execute systemd-coredump binary
- Add bridge_socket, dccp_socket, ib_socket and mpls_socket to socket_class_set
- Improve modutils_domtrans_insmod() interface to mmap insmod_exec_t binaries
- Improve iptables_domtrans() interface to allow mmaping iptables_exec_t binary
- Improve auth_domtrans_login_programinterface to allow also mmap login_exec_t binaries
- Improve auth_domtrans_chk_passwd() interface to allow also mmaping chkpwd_exec_t binaries.
- Allow mmap dhcpc_exec_t binaries in sysnet_domtrans_dhcpc interface
- Improve running xorg with proper SELinux domain even if systemd security feature NoNewPrivileges is used
- Associate sysctl_vm_overcommit_t with fs_t
- Allow systemd creating bluetooth sockets
- Allow ssh client to read network sysctl BZ(1574170)
- Allow systemd_resolved_t and systemd_networkd_t to read dbus pid files