* Fri Jan 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.5-21

- Dontaudit timedatex_t read file_contexts_t and validate security contexts
- Make stratisd_t domain unconfined for now.
- stratisd_t policy updates.
- Label /var/spool/plymouth/boot.log as plymouthd_var_log_t
- Label /stratis as stratisd_data_t
- Allow opafm_t to create and use netlink rdma sockets.
- Allow stratisd_t domain to read/write fixed disk devices and removable devices.
- Added macro for stratisd to chat over dbus
- Add dac_override capability to stratisd_t domain
- Allow init_t set the nice level of all domains BZ(1778088)
- Allow userdomain to chat with stratisd over dbus.

.gitignore

@@ -431,3 +431,5 @@ serefpolicy*
 /selinux-policy-789c659.tar.gz
 /selinux-policy-b169ed6.tar.gz
 /selinux-policy-contrib-cabad1f.tar.gz
+/selinux-policy-533b7be.tar.gz
+/selinux-policy-contrib-be783bd.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 b169ed68eafa6e5ce675629d8ff21ded5f645107
+%global commit0 533b7be0d2b9f6ad895b36cedb2d010ee8be9c03
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 cabad1ffdee56048ffbc69424b64163d4a6edd06
+%global commit1 be783bd4b9aa52ed0bbb5555128659a3e1c91410
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.5
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -772,6 +772,19 @@ exit 0
 %endif
 
 %changelog
+* Fri Jan 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.5-21
+- Dontaudit timedatex_t read file_contexts_t and validate security contexts
+- Make stratisd_t domain unconfined for now.
+- stratisd_t policy updates.
+- Label /var/spool/plymouth/boot.log as plymouthd_var_log_t
+- Label /stratis as stratisd_data_t
+- Allow opafm_t to create and use netlink rdma sockets.
+- Allow stratisd_t domain to read/write fixed disk devices and removable devices.
+- Added macro for stratisd to chat over dbus
+- Add dac_override capability to stratisd_t domain
+- Allow init_t set the nice level of all domains BZ(1778088)
+- Allow userdomain to chat with stratisd over dbus.
+
 * Mon Jan 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-20
 - Fix typo in anaconda SELinux module
 - Allow rtkit_t domain  to control scheduling for your install_t processes

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-b169ed6.tar.gz) = 5640904281188d07a33d1f106440b9d468454a88a4b89fe8618c1947d56dede848a8dd89c3257d000e42ee0f5eaa291a1dc15e9d4638513af50dc63d6dba535f
-SHA512 (selinux-policy-contrib-cabad1f.tar.gz) = 15c65dfe4f1079ea987b37262304bdca2aa795fe388efeae3ba1d93da49ab7667429ac4a935ec12249a70189cc68606ba4b1d0a1839f1131cbb9404302d82fd2
-SHA512 (container-selinux.tgz) = b4ad092d9ab2a1e0c3251d0246b29823409c10a14c540d4880df006a883c43934083cdaa080ac0cd841b403cf006bb823f808d57a631462ddc588239dd452058
+SHA512 (selinux-policy-533b7be.tar.gz) = 07a1e523e3a2b4ba87ff5c97eda96bcf018669dd2feca6997df3ccecb221410a85f49fde45a90b460c650595ed9385b3024d3654010f760b3a74783ef3e5e0f7
+SHA512 (selinux-policy-contrib-be783bd.tar.gz) = 760f86bc1ebc7380d15657e064bee9a889e5958c5a96247aef79f2ccd886ab8b48289d8fe83a037d5da91baf96129cde2dfa5971f5ea262d46916efffcd371f1
+SHA512 (container-selinux.tgz) = 05a4576ed8dfd670fc008da05f569c4be4e044b9c5c7a12511e4844e86932d9c6f04260bf3e766be59a67d1791b345edb93ff7d73b70b243f078962f6be37b98
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4