* Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21

- Add dac_override to exim policy BZ(1574303)
- Fix typo in conntrackd.fc file
- Allow sssd_t to kill sssd_selinux_manager_t
- Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db  is turned on
- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp
- Allow policykit_auth_t to read udev db files BZ(1574419)
- Allow varnishd_t do be dbus client BZ(1582251)
- Allow cyrus_t domain to mmap own pid files BZ(1582183)
- Allow user_mail_t domain to mmap etc_aliases_t files
- Allow gkeyringd domains to run ssh agents
- Allow gpg_pinentry_t domain read ssh state
- Allow sysadm_u use xdm
- Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495)
- Add interface ssh_read_state()
- Fix typo in sysnetwork.if file

.gitignore

@@ -285,3 +285,5 @@ serefpolicy*
 /selinux-policy-ba72e52.tar.gz
 /selinux-policy-877fde5.tar.gz
 /selinux-policy-contrib-12d91da.tar.gz
+/selinux-policy-contrib-6cf567f.tar.gz
+/selinux-policy-a1ec13e.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 877fde5e4cceb08ad0cf0e8110b1fca267e943f7
+%global commit0 a1ec13e6114be5f88449a3f7e87468ca5f36ead5
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 12d91dabfa5b0c6c8a69e76f3caae0e6d60c9d1b
+%global commit1 6cf567fea24b91d5a6a82e37e66a0c01548846b2
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -718,6 +718,23 @@ exit 0
 %endif
 
 %changelog
+* Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21
+- Add dac_override to exim policy BZ(1574303)
+- Fix typo in conntrackd.fc file
+- Allow sssd_t to kill sssd_selinux_manager_t
+- Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db  is turned on
+- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp
+- Allow policykit_auth_t to read udev db files BZ(1574419)
+- Allow varnishd_t do be dbus client BZ(1582251)
+- Allow cyrus_t domain to mmap own pid files BZ(1582183)
+- Allow user_mail_t domain to mmap etc_aliases_t files
+- Allow gkeyringd domains to run ssh agents
+- Allow gpg_pinentry_t domain read ssh state
+- Allow sysadm_u use xdm
+- Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495)
+- Add interface ssh_read_state()
+- Fix typo in sysnetwork.if file
+
 * Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-20
 - Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files
 - Allow mailman_mail_t domain to search for apache configs

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-877fde5.tar.gz) = 29f4074fd84d026077bab774f72d63a538fa1b84ac5ff3b07e026e78f2031edd494a16b6a6930f7741be85124b4881a77744730dfe01a22cb938c2245778b523
-SHA512 (selinux-policy-contrib-12d91da.tar.gz) = 38afcb055eb582db1fa2f1207badb5eddfd5ee632e52e75f2449bd65d8a3fe81177430220b75dd13838fd5ecd4cc3f2402a3bcd6c5fbc367145aea66a09d7e88
-SHA512 (container-selinux.tgz) = c38b1799acb4f517655be8ede3f05debcebd81624e00bd9d429a277d8eecbf17d15618631bed8ce03c63286d574a61ebfb0782d6dd77c5e70d616fb1e968aed9
+SHA512 (selinux-policy-contrib-6cf567f.tar.gz) = 46f21dd2d17f314e6beb2197ba80139c4fa2d468e9f60caeb99200a943e62435b8567f4134fcf15674d9544382cd48c7befc82a91360f5123533bab22dd14d26
+SHA512 (selinux-policy-a1ec13e.tar.gz) = 1dfc5fa9345f39d0815f6450951fd6925b2f1a3df091193c259545218197b3f31cdff033d0e2c9a2f61de387c1deb3cac1573b17ec43c313ba4520c3ed5f71af
+SHA512 (container-selinux.tgz) = 25c6d9a075212c43a7895e858d6466e5b3a9658753efd06096442481d285ef7ed7e4cd1bad39d9fb9f0c4e44253c10c513880e6f75a717c335d1fdfbbb3f91b3