* Fri Oct 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-11

- Allow confined users to run newaliases
- Add interface mysql_dontaudit_rw_db()
- Label /var/lib/xfsdump/inventory as amanda_var_lib_t
- Allow tmpreaper_t domain to read all domains state
- Make httpd_var_lib_t label system mountdir attribute
- Update cockpit policy
- Update timedatex policy to add macros, more detail below
- Allow nagios_script_t domain list files labled sysfs_t.
- Allow jetty_t domain search and read cgroup_t files.
- Donaudit ifconfig_t domain to read/write mysqld_db_t files
- Dontaudit domains read/write leaked pipes

.gitignore

@@ -414,3 +414,5 @@ serefpolicy*
 /selinux-policy-contrib-070f96c.tar.gz
 /selinux-policy-contrib-7adf788.tar.gz
 /selinux-policy-c95997f.tar.gz
+/selinux-policy-contrib-6b3a800.tar.gz
+/selinux-policy-7b7648b.tar.gz

selinux-policy.spec

@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 c95997f82617ebaf9b87845b3a2b5c721b99b212
+%global commit0 7b7648b9040e7af3c95047f562b151b712757fab
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 7adf7883d0fdd9349f09ceb121e68a63d25503cd
+%global commit1 6b3a80044b76f0aaf7b3dd09c4651dd37fa26db9
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.5
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -787,6 +787,19 @@ exit 0
 %endif
 
 %changelog
+* Fri Oct 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-11
+- Allow confined users to run newaliases
+- Add interface mysql_dontaudit_rw_db()
+- Label /var/lib/xfsdump/inventory as amanda_var_lib_t
+- Allow tmpreaper_t domain to read all domains state
+- Make httpd_var_lib_t label system mountdir attribute
+- Update cockpit policy
+- Update timedatex policy to add macros, more detail below
+- Allow nagios_script_t domain list files labled sysfs_t.
+- Allow jetty_t domain search and read cgroup_t files.
+- Donaudit ifconfig_t domain to read/write mysqld_db_t files
+- Dontaudit domains read/write leaked pipes
+
 * Tue Oct 22 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-10
 - Update timedatex policy to add macros, more detail below
 - Allow nagios_script_t domain list files labled sysfs_t.

sources

@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-7adf788.tar.gz) = 3757c701cca46d858cae1128db3e05b373de3e7e1d56ad4eef137e46047ecfe06e811a1e24c96da9156ebed9e38d7053f0940743de65e866680a693ad47ac2e2
-SHA512 (selinux-policy-c95997f.tar.gz) = 50b2fc0cf928f6408c85bb805cf6bb5b1369a125937db897acbcf69ef24b988427723b313c4d1032bc4313c036a720c017b771c3df53410c1514c6c97acc9ac0
-SHA512 (container-selinux.tgz) = 1d271ad131ddde8eaf08304d9bb9b86e01588a513d3ebdf0bc8fcd4249132a060bf5c5d2e8311badba4a0428ab700c1a27b5d0b9f11e93d78e0ef15acc987aa4
+SHA512 (selinux-policy-contrib-6b3a800.tar.gz) = 9b3e196ebba79b2cb8b9d6a6e967624a32a03f8212852c8924aa9cd3d224b4556f5c3da6a3edaf213a706c23621eaa6d1bdfc0182439a33abf70518861fe91ba
+SHA512 (selinux-policy-7b7648b.tar.gz) = 968c3c226063a8de950809c06fdd3661e07f9b5cb8124614d65303546e47d65556b585d545fa041c34dee28eea429092821703bc0395f52d3ce11f778e3aa0f2
+SHA512 (container-selinux.tgz) = a263a723da828dd48f2d801f6710ecedc83223d7ecb1650b9ff1eac755326d871f0648a2bc2bc1643e0a4141b04b90c96b60863ead7130324dac5849985adca4
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4