* Mon Apr 03 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-225.12
- Allow drbd load modules
- Revert "Add sys_module capability for drbd"
- Fix cockpit module
- Allow sssd responders to run as socket activated services
- Allow radius_t domain ptrace
- Update pcp SELinux module to reflect all pcp changes
- Revert "Remove tomcat_t domain from unconfined domains"
- Label /var/lib/ssl_db as squid_cache_t Label /etc/squid/ssl_db as squid_cache_t
- Allow pcp_pmcd_t domain search for network sysctl Allow pcp_pmcd_t domain sys_ptrace capability
- Update targetd policy
- Label /run/haproxy.sock socket as haproxy_var_run_t
- Allow oddjob_mkhomedir_t to mamange autofs_t dirs.
- Allow tomcat to connect on http_cache_port_t
- Allow nova domain search for httpd configuration.
- Add sys_module capability for drbd
- Allow cloud_init to send dbus messages to the init system
- Dontaudit postfix domains to request modules
- Add haproxy_t domain fowner capability
- Allow domain transition from ntpd_t to hwclock_t domains
- Allow cockpit_session_t setrlimit and sys_resource
- Dontaudit svirt_t read state of libvirtd domain
- Update httpd and gssproxy modules to reflects latest changes in freeipa
- Make fwupd_var_lib_t type mountpoint. BZ(1429341)
- Remove tomcat_t domain from unconfined domains
- Create new boolean: sanlock_enable_home_dirs()
- Allow mdadm_t domain to read/write nvme_device_t
- Allow cyrus stream connect to gssproxy
- Label /usr/libexec/cockpit-ssh as cockpit_session_exec_t and allow few rules
- Allow colord_t to read systemd hwdb.bin file
- Allow dirsrv_t to create /var/lock/dirsrv labeled as dirsrc_var_lock_t
- Allow ptp4l wake_alarm capability
- Add nmbd_t capability2 block_suspend
- Add domain transition from sosreport_t to iptables_t