* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18

- Allow plymouthd_t search efivarfs directory BZ(1664143)
- Allow arpwatch send e-mail notifications BZ(1657327)
- Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t
- Allow gssd_t domain to read/write kernel keyrings of every domain.
- Allow systemd_timedated_t domain nnp_transition BZ(1666222)
- Add the fs_search_efivarfs_dir interface
- Create tangd_port_t with default label tcp/7406
- Add interface domain_rw_all_domains_keyrings()
- Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)

.gitignore

@@ -330,3 +330,5 @@ serefpolicy*
 /selinux-policy-contrib-a265988.tar.gz
 /selinux-policy-d0c5c81.tar.gz
 /selinux-policy-0379b0e.tar.gz
+/selinux-policy-contrib-2664b0a.tar.gz
+/selinux-policy-35f00c1.tar.gz

rpm.macros

@@ -55,7 +55,7 @@ if [ -z "${_policytype}" ]; then \
 fi \
 if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
   %{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* \
-  %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy \
+  %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
 fi \
 %{nil}
 
@@ -69,7 +69,7 @@ fi \
 if [ $1 -eq 0 ]; then \
   if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
     %{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \
-    %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy \
+    %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
   fi \
 fi \
 %{nil}

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 0379b0e4a4b22a7e86d183a9cfdd5f38080ac38b
+%global commit0 35f00c192427aff18892b9f1f150ee35b885f84a
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 a265988e553a6f76d712aff33e2def21c38628ab
+%global commit1 2664b0adafc3a35769ae5294cf9ecdf3fda47e1a
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -713,6 +713,17 @@ exit 0
 %endif
 
 %changelog
+* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
+- Allow plymouthd_t search efivarfs directory BZ(1664143)
+- Allow arpwatch send e-mail notifications BZ(1657327)
+- Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t
+- Allow gssd_t domain to read/write kernel keyrings of every domain.
+- Allow systemd_timedated_t domain nnp_transition BZ(1666222)
+- Add the fs_search_efivarfs_dir interface
+- Create tangd_port_t with default label tcp/7406
+- Add interface domain_rw_all_domains_keyrings()
+- Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)
+
 * Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-17
 - Allow staff_t domain to read read_binfmt_misc filesystem
 - Add interface fs_read_binfmt_misc()

sources

@@ -1,3 +1,3 @@
-SHA512 (container-selinux.tgz) = 158ad35b4bff3aca9218ebfb21599bd583e2b9ce8a7a92b86609e30218d214f87e5354b94269de4eee2c4333949d9e69ba79e34755437cb26e1af7432ea3a816
-SHA512 (selinux-policy-contrib-a265988.tar.gz) = 04916bc9e470fcf7e7963da3cad1f4daf4a283faba50273cbae2cdd12d31625e7ee70e2ae74059322ac1e1bd51b0044c74420468236315861f3bf40639a39069
-SHA512 (selinux-policy-0379b0e.tar.gz) = 89eff3b59d4a2508cbe9fe4f27da06ed6e2ac06e6abcdd83dc806e90579c7640c607c8eab0f516e8db83652eab6195b1a66e95d2b0ef754cd19612090f288964
+SHA512 (selinux-policy-contrib-2664b0a.tar.gz) = 2365ccf4220f12a123d09b5c00fc4c6c0cde9f724d3907e37b1f11ad15dcd7aff5ac3322d3196148e67fcd77208fddca662de140d7980bcf74db84693e61fc81
+SHA512 (selinux-policy-35f00c1.tar.gz) = 78aaa591881139fbd6a23670b039a489c33199366e42b4a1f47b8853c162c90b0cd2b2c399463ffcdf266ac526ca78a1232cbe411e31741fdf5336cdd9ca1f6b
+SHA512 (container-selinux.tgz) = 045eefcf7226eea45a19cbfab64bdab4588bf7ac3ee4ff8d62084f12d813b8c4437d33da48288a44912a88ec2f7af90c00fbbaf50dd8fbed50f883b696b615fd