* Thu Sep 15 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-214
- Allow attach usb device to virtual machine BZ(1276873)
- Dontaudit mozilla_plugin to sys_ptrace
- Allow nut_upsdrvctl_t domain to read udev db BZ(1375636)
- Fix typo
- Allow geoclue to send msgs to syslog. BZ(1371818)
- Allow abrt to read rpm_tmp_t dirs
- Add interface rpm_read_tmp_files()
- Remove labels for somr docker sandbox files for now. This needs to be reverted after fixes in docker-selinux
- Update oracleasm SELinux module that can manage oracleasmfs_t blk files. Add dac_override cap to oracleasm_t domain.
- Add few rules to pcp SELinux module to make ti able to start pcp_pmlogger service
- Revert "label /var/lib/kubelet as svirt_sandbox_file_t"
- Remove file context for /var/lib/kubelet. This filecontext is part of docker now
- Add oracleasm_conf_t type and allow oracleasm_t to create /dev/oracleasm
- Label /usr/share/pcp/lib/pmie as pmie_exec_t and /usr/share/pcp/lib/pmlogger as pmlogger_exec_t
- Allow mdadm_t to getattr all device nodes
- Dontaudit gkeyringd_domain to connect to system_dbusd_t
- Add interface dbus_dontaudit_stream_connect_system_dbusd()
- Allow guest-set-user-passwd to set users password.
- Allow domains using kerberos to read also kerberos config dirs
- Add kdymp_t domain sys_admin capability BZ(1357949)
- Allow dnssec_trigger to exec ldconfig
- Label /var/lib/docker-latest/vfs as svirt_sandbox_file_t
- Fix typo bugs in rsync and inetd SELinux modules
- Label /var/lib/docker/vfs as svirt_sandbox_file_t in virt SELinux module
- Merge pull request #147 from rhatdan/virt
- Merge pull request #149 from rhatdan/daemon_contrib
- Merge pull request #151 from rhatdan/msg
- Allow add new interface to new namespace BZ(1375124)
- Allow systemd to relalbel files stored in /run/systemd/inaccessible/
- Add interface fs_getattr_tmpfs_blk_file()
- Dontaudit domain to create any file in /proc. This is kernel bug.
- Improve regexp for power_unit_file_t files. To catch just systemd power unit files.
- Add new interface fs_getattr_oracleasmfs_fs()
- Add interface fs_manage_oracleasm()
- Label /dev/kfd as hsa_device_t
- Update seutil_manage_file_contexts() interface that caller domain can also manage file_context_t dirs
- Add transition rule that caller domain can create resolv.conf link file with correct label in sysnet_filetrans_named_content() interface
- Add systemd_machined_t kill capability
- Allow systemd_machined_t to read nsfs_t files
- Allow run sulogin_t in range mls_systemlow-mls_systemhigh.
* Thu Sep 15 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-213
- Bump release