* Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-12

- Fix typo in cups SELinux policy
- Allow iscsid_t to read modules deps BZ(1700245)
- Allow cups_pdf_t domain to create cupsd_log_t dirs in /var/log BZ(1700442)
- Allow httpd_rotatelogs_t to execute generic binaries
- Update system_dbus policy because of dbus-broker-20-2
- Allow httpd_t doman to read/write /dev/zero device  BZ(1700758)
- Allow tlp_t domain to read module deps files BZ(1699459)
- Add file context for /usr/lib/dotnet/dotnet
- Update dev_rw_zero() interface by adding map permission
- Allow bounded transition for executing init scripts

.gitignore

@@ -362,3 +362,5 @@ serefpolicy*
 /selinux-policy-379f4fb.tar.gz
 /selinux-policy-2163c68.tar.gz
 /selinux-policy-contrib-b78d1b1.tar.gz
+/selinux-policy-contrib-d00ed3c.tar.gz
+/selinux-policy-6ed8a72.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 2163c68418f8ac9e3ae8fa57bb0068a6b648f109
+%global commit0 6ed8a7287528f71218ddea3afedc54c95c39b9e4
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 b78d1b1ed3768cb6241486b76edd9b473fe60e6f
+%global commit1 d00ed3cca362cbdcc43be9111cb3d27c2b3b5266
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -787,6 +787,18 @@ exit 0
 %endif
 
 %changelog
+* Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-12
+- Fix typo in cups SELinux policy
+- Allow iscsid_t to read modules deps BZ(1700245)
+- Allow cups_pdf_t domain to create cupsd_log_t dirs in /var/log BZ(1700442)
+- Allow httpd_rotatelogs_t to execute generic binaries
+- Update system_dbus policy because of dbus-broker-20-2
+- Allow httpd_t doman to read/write /dev/zero device  BZ(1700758)
+- Allow tlp_t domain to read module deps files BZ(1699459)
+- Add file context for /usr/lib/dotnet/dotnet
+- Update dev_rw_zero() interface by adding map permission
+- Allow bounded transition for executing init scripts
+
 * Fri Apr 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-11
 - Allow mongod_t domain to lsearch in cgroups BZ(1698743)
 - Allow rngd communication with pcscd BZ(1679217)

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-2163c68.tar.gz) = 39ede15834630559eeb14645246ebb734f342d63d25c95442231ab8044faa22e601c3c7323acea6289ecccd601bb701bb5f7dd7f70b2c94a421f1802a3c52713
-SHA512 (selinux-policy-contrib-b78d1b1.tar.gz) = fcd40a98b4cb183d4f7daa2ebe63412554651f31c2639c86b9a67324d273ea25e4e1529e546a0a6a21160e19594dc11c63c30344d2a2b0b4933c247468922c29
-SHA512 (container-selinux.tgz) = 1b38f927429674c50533eca11ea726579bfd207453474fafae1c0949004fc1ccd7a7cadd6ad01682ff0a1e706a9475c2ccf85d4712f2d43b967c04e200b7f860
+SHA512 (selinux-policy-contrib-d00ed3c.tar.gz) = 1bacec62b941abd7a0ad9977037ae6762d1ca4bd02b3c0b0b10091f710b5d96b78f8e9adc824c88d00378bd48d2522a5636562b657679f63ce574f6e0babc0ec
+SHA512 (selinux-policy-6ed8a72.tar.gz) = 895da6ebd991625f509accb47773f6557ce284917d714158ca484af5135e436f1e0e512303100afe9ce665fa0b895b090b04e58fe169c91fc62d9d3999d2336f
+SHA512 (container-selinux.tgz) = f1391d9e30efa936a1d8afb56d88a841a203b893e05aaefb1704367bf6f0d40cf45b7d393081d6a0e3c6ed15a5b559fa17e2b27bc87f409f8b83c20d91fa6709
 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2