- Update timedatex policy to add macros, more detail below

- Allow nagios_script_t domain list files labled sysfs_t.
- Allow jetty_t domain search and read cgroup_t files.
- Allow Gluster mount client to mount files_type
- Dontaudit and disallow sys_admin capability for keepalived_t domain
- Update numad policy to allow signull, kill, nice and trace processes
- Allow ipmievd_t to RW watchdog devices
- Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
- Allow user domains to manage user session services
- Allow staff and user users to get status of user systemd session
- Update sudo_role_template() to allow caller domain to read syslog pid files

.gitignore

@@ -412,3 +412,5 @@ serefpolicy*
 /selinux-policy-contrib-84cf0f5.tar.gz
 /selinux-policy-contrib-7c1c105.tar.gz
 /selinux-policy-contrib-070f96c.tar.gz
+/selinux-policy-contrib-7adf788.tar.gz
+/selinux-policy-c95997f.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 aa4c0707e6664ede25e49f57d3c9b4d267650ca1
+%global commit0 c95997f82617ebaf9b87845b3a2b5c721b99b212
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 070f96cf0f59735f1d01cb7f9427292b7f112fd3
+%global commit1 7adf7883d0fdd9349f09ceb121e68a63d25503cd
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.5
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -787,6 +787,19 @@ exit 0
 %endif
 
 %changelog
+* Tue Oct 22 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-10
+- Update timedatex policy to add macros, more detail below
+- Allow nagios_script_t domain list files labled sysfs_t.
+- Allow jetty_t domain search and read cgroup_t files.
+- Allow Gluster mount client to mount files_type
+- Dontaudit and disallow sys_admin capability for keepalived_t domain
+- Update numad policy to allow signull, kill, nice and trace processes
+- Allow ipmievd_t to RW watchdog devices
+- Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
+- Allow user domains to manage user session services
+- Allow staff and user users to get status of user systemd session
+- Update sudo_role_template() to allow caller domain to read syslog pid files
+
 * Fri Oct 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-9
 - Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)
 

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-070f96c.tar.gz) = f08779b54b9e90ffb6ef5c7f7e490387aa1182a6eb3e7773106d683333455c07c076fa47e864457a818e0339dce049de3ed1e9493e9d1312235c7d289022851f
-SHA512 (selinux-policy-aa4c070.tar.gz) = d8ac4aa13531b2ddd30a3f1eddad3e77cdd5f955d0960b7d40e52e7bbd667428c2dd13be1b4b3559dcd6c36eec7e05d349b5de7141910f44e16233fba7a9ddb2
-SHA512 (container-selinux.tgz) = a7a91d81967702fcbff61f8c066887cf033dfbc1671b4d35f273fb137a3400b121efa1d166e99cc741b8a06e65458a86290f43cda333fa9f80168d9e24f4ab12
+SHA512 (selinux-policy-contrib-7adf788.tar.gz) = 3757c701cca46d858cae1128db3e05b373de3e7e1d56ad4eef137e46047ecfe06e811a1e24c96da9156ebed9e38d7053f0940743de65e866680a693ad47ac2e2
+SHA512 (selinux-policy-c95997f.tar.gz) = 50b2fc0cf928f6408c85bb805cf6bb5b1369a125937db897acbcf69ef24b988427723b313c4d1032bc4313c036a720c017b771c3df53410c1514c6c97acc9ac0
+SHA512 (container-selinux.tgz) = 1d271ad131ddde8eaf08304d9bb9b86e01588a513d3ebdf0bc8fcd4249132a060bf5c5d2e8311badba4a0428ab700c1a27b5d0b9f11e93d78e0ef15acc987aa4
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4