* Fri Aug 10 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-32

- Fix issue with aliases in apache interface file
- Add same context for symlink as binary
- Allow boltd_t to send logs to journal
- Allow colord_use_nfs to allow colord also mmap nfs_t files
- Allow mysqld_safe_t do execute itself
- Allow smbd_t domain to chat via dbus with avahi daemon
- cupsd_t domain will create /etc/cupsd/ppd as cupsd_etc_rw_t
- Update screen_role_template to allow caller domain to have screen_exec_t as entrypoint do new domain
- Add alias httpd__script_t to _script_t to make sepolicy generate working
- Allow gpg_t domain to mmap gpg_agent_tmp_t files
- label /var/lib/pgsql/data/log as postgresql_log_t
- Allow sysadm_t domain to accept socket
- Allow systemd to manage passwd_file_t
- Allow sshd_t domain to mmap user_tmp_t files

.gitignore

@@ -302,3 +302,5 @@ serefpolicy*
 /selinux-policy-contrib-f0ca657.tar.gz
 /selinux-policy-contrib-6bfaa82.tar.gz
 /selinux-policy-e08b2da.tar.gz
+/selinux-policy-8555de5.tar.gz
+/selinux-policy-contrib-ab97c9d.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 cf5a654b7ac989a686044cb450cf5856e763f4d5
+%global commit0 8555de535032724934dbb7fb0d592c4345fa4c28
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 e60295e6037f32dc30a47ef7b77549dade16f7ef
+%global commit1 ab97c9dae9ef424a61dd503c5e139c7b099f6b34
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -709,6 +709,22 @@ exit 0
 %endif
 
 %changelog
+* Fri Aug 10 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-32
+- Fix issue with aliases in apache interface file
+- Add same context for symlink as binary
+- Allow boltd_t to send logs to journal
+- Allow colord_use_nfs to allow colord also mmap nfs_t files
+- Allow mysqld_safe_t do execute itself
+- Allow smbd_t domain to chat via dbus with avahi daemon
+- cupsd_t domain will create /etc/cupsd/ppd as cupsd_etc_rw_t
+- Update screen_role_template to allow caller domain to have screen_exec_t as entrypoint do new domain
+- Add alias httpd__script_t to _script_t to make sepolicy generate working
+- Allow gpg_t domain to mmap gpg_agent_tmp_t files
+- label /var/lib/pgsql/data/log as postgresql_log_t
+- Allow sysadm_t domain to accept socket
+- Allow systemd to manage passwd_file_t
+- Allow sshd_t domain to mmap user_tmp_t files
+
 * Tue Aug 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-31
 - Allow kprop_t domain to read network state
 - Add support boltd policy

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-cf5a654.tar.gz) = bb9e69869672a2ba70c94bbbd361da63a39367cd35f30daa8d5afbe60f1800f23252e56df564ee9c404b8e6a9130c57b559c666fc3c264e182f5751d47afb36d
-SHA512 (selinux-policy-contrib-e60295e.tar.gz) = 95b51f55da5cd006b31f2fed0a9043241e68b606b5176c5b0912f5a311b3dd02277c26d35dbb97cf52faaae169b3fb5cdabfbbcdb5927a3f155985321182e3aa
-SHA512 (container-selinux.tgz) = 3057e92810c56c22aebf34d06623176615f61c0e5778273f34894ed4fdd8ce89d0ac525e66dd26fe09542741f5b12135d6a21d102d058aeab85df7fb15a626a7
+SHA512 (selinux-policy-8555de5.tar.gz) = 508749e491a927287f654ca43112c8f52ebee6e1d18b06dcbbd1271bc0f47a95332620bfa812b1562eacf3457ce5ad3d072d518919737e5ef1f691cb2788e99e
+SHA512 (selinux-policy-contrib-ab97c9d.tar.gz) = eb2b41519b8f9512263c786b88f6a5cc8be43d419dceb2f1528f03018203226d4659993ab1cc135a509be5b41568ce33590026eddc8cd0184c49aedb30778b04
+SHA512 (container-selinux.tgz) = 9ea0c3d432d9f875f57daf0c1e5097f3ca93b029492a9a30446962550f0d87bb3781e8f65dbcdfd7fc14dd219ca74100aa73b936707a1c6fca0d6dfbcf4b4a40