From 70c776a7bc16938aab7ebaaade0cf750ad920bc8 Mon Sep 17 00:00:00 2001
From: Lukas Vrabec
Date: Wed, 7 Nov 2018 23:34:46 +0100
Subject: [PATCH] * Wed Nov 07 2018 Lukas Vrabec - 3.14.3-13 - Update pesign policy to allow pesign_t domain to read bind cache files/dirs - Add dac_override capability to mdadm_t domain - Create ibacm_tmpfs_t type for the ibacm policy - Dontaudit capability sys_admin for dhcpd_t domain - Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts. - Allow abrt_t domain to mmap generic tmp_t files - Label /usr/sbin/wpa_cli as wpa_cli_exec_t - Allow sandbox_xserver_t domain write to user_tmp_t files - Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints - Add interface files_map_generic_tmp_files() - Add dac_override capability to the syslogd_t domain - Create systemd_timedated_var_run_t label - Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202) - Add init_read_var_lib_lnk_files and init_read_var_lib_sock_files interfaces
---
 .gitignore | 2 ++
 selinux-policy.spec | 22 +++++++++++++++++++---
 sources | 6 +++---
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3c29f8cf..4da3240f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -323,3 +323,5 @@ serefpolicy*
 /selinux-policy-a46eac2.tar.gz
 /selinux-policy-contrib-5a2a313.tar.gz
 /selinux-policy-62d90da.tar.gz
+/selinux-policy-contrib-a01743f.tar.gz
+/selinux-policy-4cbc1ae.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 23fcebdb..274426e7 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 62d90da2a38c1a701a5f177feb861d0d75357d55
+%global commit0 4cbc1ae7dbe8f08edee55b33d1031f0ee0c6ff4e
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 5a2a313e3ac16c6411fd3dd949a836061b33a526
+%global commit1 a01743f0cd8f3fd2aa99b32ff01697eeb0918b0c
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -709,6 +709,22 @@ exit 0
 %endif
 %changelog
+* Wed Nov 07 2018 Lukas Vrabec - 3.14.3-13
+- Update pesign policy to allow pesign_t domain to read bind cache files/dirs
+- Add dac_override capability to mdadm_t domain
+- Create ibacm_tmpfs_t type for the ibacm policy
+- Dontaudit capability sys_admin for dhcpd_t domain
+- Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts.
+- Allow abrt_t domain to mmap generic tmp_t files
+- Label /usr/sbin/wpa_cli as wpa_cli_exec_t
+- Allow sandbox_xserver_t domain write to user_tmp_t files
+- Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints
+- Add interface files_map_generic_tmp_files()
+- Add dac_override capability to the syslogd_t domain
+- Create systemd_timedated_var_run_t label
+- Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202)
+- Add init_read_var_lib_lnk_files and init_read_var_lib_sock_files interfaces
+
 * Sun Nov 04 2018 Lukas Vrabec - 3.14.3-12
 - Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672)
 - Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766)
diff --git a/sources b/sources
index 7289b0f1..e52dc2ef 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-5a2a313.tar.gz) = 3a2c12e0636b241a36a398ae30db2b64376083034fc1033f5b745c27706559169f16d4c05ec4af6703e90250f0377dbbd80316f086ffce3c4fe942f40359b8af
-SHA512 (selinux-policy-62d90da.tar.gz) = bce754eca7b01c15eab03d182e3d8baebb0783372df33e75f15442b3377c168e57502453950e8383947feb47c21e95184d7cdee35ac8aebcaccdcf5e5eaf04c1
-SHA512 (container-selinux.tgz) = a26a2ddd0aa3868d44bdb55197737e0f66377f5dd8abfcd00f6440b926338071f57f189bb5050d976dcc484d53a7f3ac35c74d48763975bea2afc6509501ebef
+SHA512 (selinux-policy-contrib-a01743f.tar.gz) = 4f21db7f96599c85d4d16b275b693338f63c00083e0931e4658d93c23ee969f6670c7dcde67d54e3c55718577759bd14f7ee68c3e82896e0b6334077fbc98686
+SHA512 (selinux-policy-4cbc1ae.tar.gz) = 0d6a5f5df9dda62b72ad037f124eed91e06d7657d15c0d6155b6e5449b6fca034c6ac1759fb5cb42ab39ea9973a5149403267afc21f15f849e86bea1d6b61f62
+SHA512 (container-selinux.tgz) = d4cc25cfd87b9efd77424f3a799044a927488756e31bd157f59613acb0bb4da19013fc2e22ff9194b2ebfb6c57d33a98d7a1f76e9720f1ac8fa889b39807f0ac
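Review bot: The third entry, `container-selinux.tgz`, gets a new SHA512 under an unchanged, unversioned filename, and neither the commit message nor the added %changelog entry mentions a container-selinux update. The other two tarballs carry their short commit in the name (`a01743f`, `4cbc1ae`), matching `commit1` and `commit0` in the spec hunk, so their content change can be traced to a specific upstream revision; this one cannot be traced from the patch alone. Presumably the archive is regenerated by the packaging tooling on each release, but that is not visible here. I would record the revision it was built from so the digest change is auditable, for example a changelog line such as `- Update container-selinux.tgz to <container-selinux commit>` or a versioned tarball name.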