* Wed Jun 22 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-191.2
    - Allow firewalld_t to create entries in net_conf_t dirs.
    - Allow journalctl to read syslogd_var_run_t files. This allows to staff_t and sysadm_t to read journals
    - Allow rhsmcertd connect to port tcp 9090
    - Label for /bin/mail(x) was removed but /usr/bin/mail(x) not. This path is also needed to remove.
    - Label /usr/libexec/mimedefang-wrapper as spamd_exec_t.
    - Add new boolean spamd_update_can_network.
    - Add proper label for /var/log/proftpd.log
    - Fix SELinux context for /usr/share/mirrormanager/server/mirrormanager to Label all binaries under dir as mirrormanager_exec_t.
    - Allow rhsmcertd connect to tcp netport_port_t
    - Allow prosody to bind to fac_restore tcp port.
    - Fix broken hostapd policy
    - Allow ninfod to read raw packets
    - Allow hostapd to create netlink_generic sockets. BZ(1343683)
    - Allow puppet_t transtition to shorewall_t
    - Allow pegasus get attributes from qemu binary files.
    - Allow tuned to use policykit. This change is required by cockpit.
    - Allow conman_t to read dir with conman_unconfined_script_t binary files.
    - Allow pegasus to read /proc/sysinfo.
    - Allow conman to kill conman_unconfined_script.
    - Allow sysadm_role to run journalctl_t domain. This allows sysadm user to read journals.
    - Label tcp ports:16379, 26379 as redis_port_t
    - Allow systemd to relabel /var and /var/lib directories during boot.
    - Add files_relabel_var_dirs() and files_relabel_var_dirs() interfaces.
    - Add files_relabelto_var_lib_dirs() interface.
    - Label tcp and udp port 5582 as fac_restore_port_t
    - Allow sysadm_t user to run postgresql-setup.
    - Allow sysadm_t user to dbus chat with oddjob_t. This allows confined admin run oddjob mkhomedirfor script. Resolves: rhbz#1297480
    - Allow systemd-resolved to connect to llmnr tcp port. BZ(1344849)
    - Allow passwd_t also manage user_tmp_t dirs, this change is needed b