* Sun May 14 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-225.15
- auth_use_nsswitch can call only domain not attribute
- Fix broken certmonger module
- Dontaudit net_admin cap for winbind_t
- Allow tlp_t domain to stream connect to system bus
- Allow hypervkvp_t domain execute hostname
- Dontaudit sssd_selinux_manager_t use of net_admin capability
- Allow sssd_selinux_manager_t to ioctl init_t sockets
- Allow pki_tomcat_t domain read /etc/passwd.
- Label new path for ipa-otpd
- Allow radiusd_t domain stream connect to postgresql_t
- Allow rhsmcertd_t to execute hostname_exec_t binaries.
- Allow virtlogd to append nfs_t files when virt_use_nfs=1
- Allow httpd_t domain read also httpd_user_content_type lnk_files.
- Dontaudit <user>_gkeyringd_t stream connect to system_dbusd_t
- Label /var/www/html/nextcloud/data as httpd_sys_rw_content_t
- Add interface ipa_filetrans_named_content()
- Allow tomcat use nsswitch
- Allow dirsrv read cgroup files.
- Allow certmonger_t start/status generic services
- Allow sendmail_t domain sysctl_net_t files
- Allow targetd_t domain read network state and getattr on loop_control_device_t
- Allow condor_schedd_t domain send mails.
- Fixed typo bugs from sssd module
- Fix typo in sssd interface file
- Add sssd_secrets labeling
- Allow ntpd to create sockets. BZ(1434395)
- Revert "Allow <role>_su_t to create netlink_selinux_socket"
- Allow <role>_su_t to create netlink_selinux_socket
- Allow unconfined_t to module_load any file
- Allow staff to systemctl virt server when staff_use_svirt=1
- Allow unconfined_t create /tmp/ca.p12 file with ipa_tmp_t context
- Allow netutils setpcap capability
- Dontaudit leaked file descriptor happening in setfiles_t domain BZ(1388124)