* Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-25
- Add dac_override capability to remote_login_t domain
- Allow chrome_sandbox_t to mmap tmp files
- Update ulogd SELinux security policy
- Allow rhsmcertd_t domain send signull to apache processes
- Allow systemd socket activation for modemmanager
- Allow geoclue to dbus chat with systemd
- Fix file contexts on conntrackd policy
- Temporary fix for varnish and apache adding capability for DAC_OVERRIDE
- Allow lsmd_plugin_t domain to getattr lsm_t unix stream sockets
- Add label for /usr/sbin/pacemaker-remoted to have cluster_exec_t
- Allow nscd_t domain to be system dbusd client
- Allow abrt_t domain to read sysctl
- Add dac_read_search capability for tangd
- Allow systemd socket activation for rshd domain
- Add label for /usr/libexec/cyrus-imapd/master as cyrus_exec_t to have proper SELinux domain transition from init_t to cyrus_t
- Allow kdump_t domain to map /boot files
- Allow conntrackd_t domain to send msgs to syslog
- Label /usr/sbin/nhrpd and /usr/sbin/pimd binaries as zebra_exec_t
- Allow swnserve_t domain to stream connect to sasl domain
- Allow smbcontrol_t to create dirs with samba_var_t label
- Remove execstack,execmem and execheap from domains setroubleshootd_t, locate_t and podsleuth_t to increase security. BZ(1579760)
- Allow tangd to read public sssd files BZ(1509054)
- Allow geoclue start with nnp systemd security feature with proper SELinux Domain transition BZ(1575212)
- Allow ctdb_t domain modify ctdb_exec_t files
- Allow firewalld_t domain to create netlink_netfilter sockets
- Allow radiusd_t domain to read network sysctls
- Allow pegasus_t domain to mount tracefs_t filesystem
- Allow psad_t domain to read all domains state
- Allow tomcat_t domain to connect to mongod_t tcp port
- Allow dovecot and postfix to connect to systemd stream sockets
- Make nmbd_t domain dbus system client BZ(1569856)
- Merge pull request #55 from SISheogorath/fix/tlp-policy
- Merge pull request #54 from tmzullinger/rawhide
- Allow also listing system_dbusd_var_run_t dirs in dbusd_read_pid_files macro BZ(1566168)
- Allow gssproxy_t domain to read gssd_t state BZ(1572945)
- Allow create systemd to mount pid files
- Add files_map_boot_files() interface
- Remove execstack,execmem and execheap from domain fsadm_t to increase security. BZ(1579760)
- Fix typo xserver SELinux module
- Allow systemd to mmap files with var_log_t label
- Allow x_userdomains read/write to xserver session
- Allow users staff and sysadm to run wireshark on own domain
- Fix typos s/xserver/xdm/ for allow creating xserver misc devices
- Allow systemd-bootchart to create own tmpfs files
- Merge pull request #213 from tmzullinger/rawhide
- Allow xdm_t domain to install Nouveau drivers BZ(1570996)
- Allow unconfined_domain_type to create libs filetrans named content BZ(1513806)