* Thu Apr 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-13

- refpolicy: Update for kernel sctp support
- Allow smbd_t send to nmbd_t via dgram sockets BZ(1563791)
- Allow antivirus domain to be client for system dbus BZ(1562457)
- Dontaudit requesting tlp_t domain kernel modules, its a kernel bug BZ(1562383)
- Add new boolean: colord_use_nfs() BZ(1562818)
- Allow pcp_pmcd_t domain to check access to mdadm BZ(1560317)
- Allow colord_t to mmap gconf_home_t files
- Add new boolean redis_enable_notify()
- Label  /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t
- Add new label for vmtools scripts and label it as vmtools_unconfined_t stored in /etc/vmware-tools/
- Remove labeling for /etc/vmware-tools to bin_t it should be vmtools_unconfined_exec_t

.gitignore

@@ -270,3 +270,5 @@ serefpolicy*
 /selinux-policy-contrib-1255203.tar.gz
 /selinux-policy-contrib-10b75cc.tar.gz
 /selinux-policy-bb22502.tar.gz
+/selinux-policy-b8ddd7e.tar.gz
+/selinux-policy-contrib-4b13776.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 bb225028a9a5145547fb08cc8b18d1d17b1b4c02
+%global commit0 b8ddd7e996c81e52fd793d69d2cfca8f21cffdbf
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 10b75cc2d3be4bc057bb63d254afaacd53a9cd03
+%global commit1 4b13776189d49c87144522f1b5a7ba0a58970f1b
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -717,6 +717,19 @@ exit 0
 %endif
 
 %changelog
+* Thu Apr 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-13
+- refpolicy: Update for kernel sctp support
+- Allow smbd_t send to nmbd_t via dgram sockets BZ(1563791)
+- Allow antivirus domain to be client for system dbus BZ(1562457)
+- Dontaudit requesting tlp_t domain kernel modules, its a kernel bug BZ(1562383)
+- Add new boolean: colord_use_nfs() BZ(1562818)
+- Allow pcp_pmcd_t domain to check access to mdadm BZ(1560317)
+- Allow colord_t to mmap gconf_home_t files
+- Add new boolean redis_enable_notify()
+- Label  /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t
+- Add new label for vmtools scripts and label it as vmtools_unconfined_t stored in /etc/vmware-tools/
+- Remove labeling for /etc/vmware-tools to bin_t it should be vmtools_unconfined_exec_t
+
 * Sat Apr 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-12
 - Add new boolean redis_enable_notify()
 - Label  /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-10b75cc.tar.gz) = 406584495d53ef60dfe90a842906d86dd93c769f5e3c207ef8ca49be90d54bc98615b23953217bce945d0099be928fafe3ac60d0912456335c0652c8ab282def
-SHA512 (selinux-policy-bb22502.tar.gz) = 9571c259971c43168e2feb352ee03579e68084b00565ce567040c06e556fe64ba3ca1f06644980612ad3dd47b95416c66f7a5ee4426f03cead8c715e20ae4a49
-SHA512 (container-selinux.tgz) = 7a10741c808044e7ba23a6be5e7a294456eb1ea8c802167415e106943727a37be50c061c0b58eb6b593ce22941635a61cb35af1bfd38ab236efe9341a47feffe
+SHA512 (selinux-policy-b8ddd7e.tar.gz) = 9287be6e36d4c6a6fc36a5ab30170c8a1ad865f167a98cd1cbb72fefcc5ef7853b147a679342ff4fddf4d94a03c2ae5ebc5b81ece8eab8ff2a5b111a426d7f43
+SHA512 (selinux-policy-contrib-4b13776.tar.gz) = 19ccaa52c67ffc6bd6c907861400d18e5e64f9c7ab37ac56c96d831aa5a89d96fff2e8a22fe6b5be0ae23aec5426639e2295ba33e43bf02daa2b80c2106bd685
+SHA512 (container-selinux.tgz) = 608b1f59dbd761a968d69d46b9f658b33c71e572b27c3c3cdc87efd3544662fac58b9bf6b41fae5afee6269d231d848a7e7f0f1afbd0f91f5729e87fc17a9a50