* Tue Mar 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-5

- Update xen SELinux module
- Improve labeling for PCP plugins
- Allow varnishd_t domain to read sysfs_t files
- Update vmtools policy
- Allow virt_qemu_ga_t domain to read udev_var_run_t files
- Update nagios_run_sudo boolean with few allow rules related to accessing sssd
- Update file context for modutils rhbz#1689975
- Label /dev/xen/hypercall and /dev/xen/xenbus_backend as xen_device_t Resolves: rhbz#1679293
- Grant permissions for onloadfs files of all classes.
- Allow all domains to send dbus msgs to vmtools_unconfined_t processes
- Label /dev/pkey as crypt_device_t
- Allow sudodomains to write to systemd_logind_sessions_t pipes.
- Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t.

.gitignore

@@ -347,3 +347,5 @@ serefpolicy*
 /selinux-policy-aa6253c.tar.gz
 /selinux-policy-contrib-c199027.tar.gz
 /selinux-policy-4c00590.tar.gz
+/selinux-policy-b28842e.tar.gz
+/selinux-policy-contrib-dc92f2d.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 4c00590e9ef306b76eddd6099f21f4a2a2953d5b
+%global commit0 b28842ef918897da153800b2df47bb991250c421
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 c199027807f785d4c18da80d89b000c75d80137f
+%global commit1 dc92f2da061156c3e952a6b910dc49fc47c44d25
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -706,6 +706,21 @@ exit 0
 %endif
 
 %changelog
+* Tue Mar 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-5
+- Update xen SELinux module
+- Improve labeling for PCP plugins
+- Allow varnishd_t domain to read sysfs_t files
+- Update vmtools policy
+- Allow virt_qemu_ga_t domain to read udev_var_run_t files
+- Update nagios_run_sudo boolean with few allow rules related to accessing sssd
+- Update file context for modutils rhbz#1689975
+- Label /dev/xen/hypercall and /dev/xen/xenbus_backend as xen_device_t Resolves: rhbz#1679293
+- Grant permissions for onloadfs files of all classes.
+- Allow all domains to send dbus msgs to vmtools_unconfined_t processes
+- Label /dev/pkey as crypt_device_t
+- Allow sudodomains to write to systemd_logind_sessions_t pipes.
+- Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t.
+
 * Tue Mar 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-4
 - Update vmtools policy
 - Allow virt_qemu_ga_t domain to read udev_var_run_t files

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-c199027.tar.gz) = 6310ac4d95d1adbc2049f7b7720f894474e19748f05e145109b038047e992cf9a11a020a8d39d7acb7f31046381286cd77ff51d74613d033926af8940da2614b
-SHA512 (selinux-policy-4c00590.tar.gz) = bb353aa1f4f63dbfdc7e558fa53f663969c51e4e81a493fcd3c424714d1e3dcfb4e9c2d06806726730b0871cb201cf254343498a48cc6a5a63a2a72fd4a29eb6
-SHA512 (container-selinux.tgz) = 08977a95836779814bd3aeb9523d4671c9139332c8ce65655ada00ec85fbfdc55c1f9ca0480b3aa75585274bff929d0d94c6008585ce75467a60640237774a0d
+SHA512 (selinux-policy-b28842e.tar.gz) = 70af099a8a0f045c4e49099f59142eb9fc5e154d1875037e281af92bf9bccf2f81ea6cec33b89c1e7aa149085aac26df631cf0a252e41ef53901ce89034ecd83
+SHA512 (selinux-policy-contrib-dc92f2d.tar.gz) = 6b2f5e4a787f9780fb45cd609b54b922863c64ed4003fcda00d6dbe35388f3620a841167e3c93ef6d48998ca19dc5c0c444530cb4bdf82262e6a5ab394e7773d
+SHA512 (container-selinux.tgz) = 7844a9ae0d3f5e3e1fc5b6b190b16c33c4ed47967d65ff3e2dac5aff4a7d76e11b53974258e9b14c2b159b0f10f8f8d85cd0cb1a3dbc516033a4573bac637712