* Tue Apr 16 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-12

- Allow rngd create netlink_kobject_uevent_socket and read udev runtime files
- Allow ssh-keygen create file in /var/lib/glusterd
- Update ctdbd_manage_lib_files() to also allow mmap ctdbd_var_lib_t files
- Merge ipa and ipa_custodia modules
- Allow NetworkManager_ssh_t to execute_no_trans for binary ssh_exec_t
- Introduce daemons_dontaudit_scheduling boolean
- Modify path for arping in netutils.fc to match both bin and sbin
- Change file context for /var/run/pam_ssh to match file transition
- Add file context entry and file transition for /var/run/pam_timestamp

.gitignore

@@ -456,3 +456,5 @@ serefpolicy*
 /selinux-policy-contrib-2c38d35.tar.gz
 /selinux-policy-contrib-d5da042.tar.gz
 /selinux-policy-50a6afe.tar.gz
+/selinux-policy-ad1d355.tar.gz
+/selinux-policy-contrib-6db7310.tar.gz

modules-targeted-contrib.conf

@@ -2663,10 +2663,3 @@ rrdcached = module
 # stratisd
 #
 stratisd = module
-
-# Layer: contrib
-# Module: ipa_custodia
-#
-# ipa_custodia
-#
-ipa_custodia = module

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 50a6afe26d1b3083c339adc1c5f6193ec0cb71cd
+%global commit0 ad1d35503f55f535401daa0a59913aa559c38d44
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 d5da0422ebc96d5acbe912aa8d5c3bc8a1ace015
+%global commit1 6db7310a3b7385e07359a978a46c52d7ec22bedd
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.6
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -772,6 +772,17 @@ exit 0
 %endif
 
 %changelog
+* Tue Apr 14 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-12
+- Allow rngd create netlink_kobject_uevent_socket and read udev runtime files
+- Allow ssh-keygen create file in /var/lib/glusterd
+- Update ctdbd_manage_lib_files() to also allow mmap ctdbd_var_lib_t files
+- Merge ipa and ipa_custodia modules
+- Allow NetworkManager_ssh_t to execute_no_trans for binary ssh_exec_t
+- Introduce daemons_dontaudit_scheduling boolean
+- Modify path for arping in netutils.fc to match both bin and sbin
+- Change file context for /var/run/pam_ssh to match file transition
+- Add file context entry and file transition for /var/run/pam_timestamp
+
 * Tue Mar 31 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-11
 - Allow NetworkManager manage dhcpd unit files
 - Update ninfod policy to add nnp transition from systemd to ninfod

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-d5da042.tar.gz) = 2c1b56fe7b5a4586bba0426f6e4fde587f73e528da48bd23efe2a41e77ba1448ef791f8162d4cc296e0b76d52229cda53ca4183690e2e944bd2c0e2c0949b3a7
-SHA512 (selinux-policy-50a6afe.tar.gz) = bf61e844af6a3bd8138ba95270a641f17e322d09dafdd8cf278b36ba088ce9a7672ccef1d9ed2aede89e8e59c3899fe2f6cc3e86234a3239dcc22bbd8a7b432b
-SHA512 (container-selinux.tgz) = 5d755b9fd44c3c12dbdce64648d9dd57c4dafc6456f5705ef81c61308d790e3ef2554108d416925c09f35919ef89d9b41f5293a54b43fc058c13130122ebf834
+SHA512 (selinux-policy-ad1d355.tar.gz) = c58b42b7b0a6c92f0efb3cd64c7c7dc4d8645dcc1a66e1af59a508ac22cbf777e82d7ecd69ba65eb0031470b7c8c6f8e55a3f0275da21da2f0b5ce2d5a394750
+SHA512 (selinux-policy-contrib-6db7310.tar.gz) = 805bffcdee4cdf870973419c22f04b9862873c68f73fede5c8360750719efb96c28a72e2bb5382e4a7b7df25a3dbd3997f740c4a6d194c00f9b1468afe6a3009
+SHA512 (container-selinux.tgz) = 551b7288daeb2742e6bdbf8ec31ae5ff5efc3223ef30776359ec3480a0d9a5b16174a0f74bbacd446c56f822b51c83c3b4ad7c74b2e843f2c698dcfacbf6a175
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4