* Mon Oct 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-9

- Allow caller domains using cron_*_role to have entrypoint permission on system_cron_spool_t files BZ(1625645)
- Add interface cron_system_spool_entrypoint()
- Bolt added d-bus API for force-powering the thunderbolt controller, so system-dbusd needs acces to boltd pipes BZ(1637676)
- Add interfaces for boltd SELinux module
- Add dac_override capability to modemmanager_t domain BZ(1636608)
- Allow systemd to mount boltd_var_run_t dirs BZ(1636823)
- Label correctly /var/named/chroot*/dev/unrandom in bind chroot.

.gitignore

@@ -316,3 +316,5 @@ serefpolicy*
 /selinux-policy-493101e.tar.gz
 /selinux-policy-contrib-765b73a.tar.gz
 /selinux-policy-8bcb254.tar.gz
+/selinux-policy-contrib-5252fe6.tar.gz
+/selinux-policy-2d39d24.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 8bcb254ccc7d4db69198f130eb064eb834df055f
+%global commit0 2d39d24bc2473eac94a5ccdfa373e29db041d3fd
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 765b73a30143dd95a99f1f41a7a5a6511ebcf12a
+%global commit1 5252fe6bb92d282173ba836b59172bc7c99609a8
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -709,6 +709,15 @@ exit 0
 %endif
 
 %changelog
+* Mon Oct 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-9
+- Allow caller domains using cron_*_role to have entrypoint permission on system_cron_spool_t files BZ(1625645)
+- Add interface cron_system_spool_entrypoint()
+- Bolt added d-bus API for force-powering the thunderbolt controller, so system-dbusd needs acces to boltd pipes BZ(1637676)
+- Add interfaces for boltd SELinux module
+- Add dac_override capability to modemmanager_t domain BZ(1636608)
+- Allow systemd to mount boltd_var_run_t dirs BZ(1636823)
+- Label correctly /var/named/chroot*/dev/unrandom in bind chroot.
+
 * Sat Oct 13 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-8
 - ejabberd SELinux module removed, it's shipped by ejabberd-selinux package
 

sources

@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-765b73a.tar.gz) = 496ecbc450f3eeb95ec40aa9fb98a663c65c293a40494f001d21193f382f6b5fa77594e0d89bdc77187a273f0a5c6a11087ca66938fbd8bd3ee1b0d5900b40ed
-SHA512 (selinux-policy-8bcb254.tar.gz) = 8e839d3c17b911397167f9cbe871c41c3263dec98563804ee25f73fa6f6af63fbf4b2830dde9b54132838c8cde543209ad9c7df9e1c3b1618dd84a663a07f0e2
-SHA512 (container-selinux.tgz) = 24ffe763a027b53ec5b6636edddf65797bbb5ac2914869aebc04d451c6ac6012ea83822ec9d127cce71af16b4268f6c25ef351b922fcea9e4345f5845669bece
+SHA512 (selinux-policy-contrib-5252fe6.tar.gz) = 366636200668f30cf8520fb8fb2f4f6292d86b093fbe03c3414da24705ac40ab5e4f7943b484fbeba5f3def76fe1e2cf2b1160f56f7ad04d0aef3b6dd61cde74
+SHA512 (selinux-policy-2d39d24.tar.gz) = 0b25543fa70599a6086336fa90edf69acda23d7c5df861a88b5733e7c14947e5f05a178e7f8fb5ebc8da9c90c1a45a746265c9ced677f4887c5267252d0e59b4
+SHA512 (container-selinux.tgz) = b24c37183ad16f64eb5b3b50a4e4293a17b94571dd7bfb365f219127dde35e4235d7c3f885fb25cb7e12e8e836e1f48a8b854b8acf22a1856617a5b9ca8423d2