* Thu Feb 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-7

- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
- Allow certmonger_t domain to access /etc/pki/pki-tomcat BZ(1542600)
- Allow keepalived_t domain getattr proc filesystem
- Allow init_t to create UNIX sockets for unconfined services (BZ1543049)
- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t

.gitignore

@@ -246,3 +246,5 @@ serefpolicy*
 /selinux-policy-contrib-a1cd00e.tar.gz
 /selinux-policy-642cc91.tar.gz
 /selinux-policy-contrib-b657ba0.tar.gz
+/selinux-policy-contrib-0311bf8.tar.gz
+/selinux-policy-ef9ecd7.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 642cc914194fdf225bab87ad62a2af18aa10d7ac
+%global commit0 ef9ecd7412c0ce6cf3e1ade2295a562d1ca1efc2
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 b657ba01c0bcce6fa62a1d5319cc2e105b5bc6d7
+%global commit1 0311bf8534a6dc4f797d28b48f76a0023c17919f
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -719,6 +719,14 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-7
+- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
+- Allow certmonger_t domain to access /etc/pki/pki-tomcat BZ(1542600)
+- Allow keepalived_t domain getattr proc filesystem
+- Allow init_t to create UNIX sockets for unconfined services (BZ1543049)
+- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
+- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
+
 * Tue Feb 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-6
 - Allow openvswitch_t domain to read cpuid, write to sysfs files and creating openvswitch_tmp_t sockets
 - Add new interface ppp_filetrans_named_content()

sources

@@ -1,3 +1,3 @@
-SHA512 (container-selinux.tgz) = 2e41e73ea7296d784010b0ad1c8a5080f4c5cf1834e69a3f71a3618e9571cfb90395fb96ec24a8915014859c8547382181047203f1df101641db250622b3a65b
-SHA512 (selinux-policy-642cc91.tar.gz) = 27df867d6c4c3110238235720335d94b9f4b4742a0a91a27538af9e401518acc58af0619f09f6210f246b5e6f67b57e59fd3c48723406246d124f08a7792ae0f
-SHA512 (selinux-policy-contrib-b657ba0.tar.gz) = 480185612e71f93c15ae5616cce435a2bee9bd92ec61e7934ec36c2ee95a77e82e36a9d0c58c36d10cda5378deac041339cd9bfe3b3c10c69371e81e177b916d
+SHA512 (selinux-policy-contrib-0311bf8.tar.gz) = c60ed0049134ccdbeac0a5fa2db8719ff32c4b4f3b9e32113ac71c52b22c6cfd7b516d9ab82ce44d202579a8560e566754e0ac07f079dd4eadbe7f8170c9986c
+SHA512 (selinux-policy-ef9ecd7.tar.gz) = 9cd195437fa49f13ca2537b3d3954f632081d3d4cfbf232d74fba36f45431542c6ee2e4f865ba0586172574dffcd64cc8f71242129413ab2bf6d42ea3ede5c9a
+SHA512 (container-selinux.tgz) = 8d15bfbd73b4fabfe6cf5531c232b8cb4a81225b9e3cdcc8e3eb80e1f3cb8a6e59b6be7112b4d09dd6a20a2b6bcd80f8b3184a6f550270ed14047e3f432b75fe