* Thu May 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-15

- Allow iscsid_t domain to mmap modules_dep_t files
- Allow ngaios to use chown capability
- Dontaudit gpg_domain to create netlink_audit sockets
- Remove role transition in rpm_run() interface to allow sysadm_r jump to rpm_t type. BZ(1704251)
- Allow dirsrv_t domain to execute own tmp files BZ(1703111)
- Update fs_rw_cephfs_files() interface to allow also caller domain to read/write cephpfs_t lnk files
- Update domain_can_mmap_files() boolean to allow also mmap lnk files
- Improve userdom interfaces to drop guest_u SELinux user to use nsswitch

.gitignore

@@ -367,3 +367,5 @@ serefpolicy*
 /selinux-policy-contrib-5a0561d.tar.gz
 /selinux-policy-54c05f2.tar.gz
 /selinux-policy-088381c.tar.gz
+/selinux-policy-contrib-e33aa41.tar.gz
+/selinux-policy-c5e58b6.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 088381c4e36d3b4d4b289ac27a2a2a97f953585e
+%global commit0 c5e58b6c669747beeaca6ecf98f501f754ab871f
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 5a0561d7b67ae8403d4e1a44acfc8db40ee269a5
+%global commit1 e33aa41687d9585e96fb87ac73168055ab4b8b8f
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -787,6 +787,16 @@ exit 0
 %endif
 
 %changelog
+* Thu May 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-15
+- Allow iscsid_t domain to mmap modules_dep_t files
+- Allow ngaios to use chown capability
+- Dontaudit gpg_domain to create netlink_audit sockets
+- Remove role transition in rpm_run() interface to allow sysadm_r jump to rpm_t type. BZ(1704251)
+- Allow dirsrv_t domain to execute own tmp files BZ(1703111)
+- Update fs_rw_cephfs_files() interface to allow also caller domain to read/write cephpfs_t lnk files
+- Update domain_can_mmap_files() boolean to allow also mmap lnk files
+- Improve userdom interfaces to drop guest_u SELinux user to use nsswitch
+
 * Fri Apr 26 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-14
 - Allow transition from cockpit_session to unpriv user domains
 

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-5a0561d.tar.gz) = 40ac186675b0c3633263165ecc409f9b36752d74e9c699a637f0a56e6a9162bf6be89b4a2a081e331accabaf82d2d36f260804a0743993a64d0425b3fd3dd0cd
-SHA512 (selinux-policy-088381c.tar.gz) = 831d10631a6f70ebe44b1ad9057326a58be6fd71e4261f58c4d8e8cb1dfa7905653c2bbfec7ee23feda749f2a5067b5c41d3331145e56d5d3bfe2cc309ee02e5
-SHA512 (container-selinux.tgz) = f3813f79fdddda9bba892035f0ed530a835c8db9f791bf83c6afb25868e0b575a88132f7021b20604f5144bfd40a00fb0076107c962a8857f319f86381db3ea2
+SHA512 (selinux-policy-contrib-e33aa41.tar.gz) = b2c1db40dd776aeff22da4b53ecd46469751e34c5fde42468275aa255c71d3974b4aa63a55c51cf221876822d30a7f70e56691e052b29a46979728687737fd23
+SHA512 (selinux-policy-c5e58b6.tar.gz) = 511c35663eb7dd9dbe34a8beea7dda20530fba71be9159bc2f1d70b08938772b5623f16260f791694e4fc8288879c4d3bd552c006bbb7ac9b077da64d468386b
+SHA512 (container-selinux.tgz) = 4b5f62d6345875873a03d68e9fbda15a034ae46b92886634f4ef07e3e2edfe64a244eb1dc87006c92aaef7bac53fbabf82c854b7add22a6f1748a00dc6f10d38
 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2