* Wed Jun 22 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-191.2
- Allow firewalld_t to create entries in net_conf_t dirs.
- Allow journalctl to read syslogd_var_run_t files. This allows to staff_t and sysadm_t to read journals
- Allow rhsmcertd connect to port tcp 9090
- Label for /bin/mail(x) was removed but /usr/bin/mail(x) not. This path is also needed to remove.
- Label /usr/libexec/mimedefang-wrapper as spamd_exec_t.
- Add new boolean spamd_update_can_network.
- Add proper label for /var/log/proftpd.log
- Fix SELinux context for /usr/share/mirrormanager/server/mirrormanager to Label all binaries under dir as mirrormanager_exec_t.
- Allow rhsmcertd connect to tcp netport_port_t
- Allow prosody to bind to fac_restore tcp port.
- Fix broken hostapd policy
- Allow ninfod to read raw packets
- Allow hostapd to create netlink_generic sockets. BZ(1343683)
- Allow puppet_t transtition to shorewall_t
- Allow pegasus get attributes from qemu binary files.
- Allow tuned to use policykit. This change is required by cockpit.
- Allow conman_t to read dir with conman_unconfined_script_t binary files.
- Allow pegasus to read /proc/sysinfo.
- Allow conman to kill conman_unconfined_script.
- Allow sysadm_role to run journalctl_t domain. This allows sysadm user to read journals.
- Label tcp ports:16379, 26379 as redis_port_t
- Allow systemd to relabel /var and /var/lib directories during boot.
- Add files_relabel_var_dirs() and files_relabel_var_dirs() interfaces.
- Add files_relabelto_var_lib_dirs() interface.
- Label tcp and udp port 5582 as fac_restore_port_t
- Allow sysadm_t user to run postgresql-setup.
- Allow sysadm_t user to dbus chat with oddjob_t. This allows confined admin run oddjob mkhomedirfor script. Resolves: rhbz#1297480
- Allow systemd-resolved to connect to llmnr tcp port. BZ(1344849)
- Allow passwd_t also manage user_tmp_t dirs, this change is needed b