* Tue Apr 18 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-251

- Fix abrt module to reflect all changes in abrt release

policy-rawhide-contrib.patch

@@ -589,7 +589,7 @@ index 058d908..ee0c559 100644
 +')
 +
 diff --git a/abrt.te b/abrt.te
-index eb50f07..1c4fbd3 100644
+index eb50f07..ca625e9 100644
 --- a/abrt.te
 +++ b/abrt.te
 @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1)
@@ -870,7 +870,7 @@ index eb50f07..1c4fbd3 100644
  ')
  
  optional_policy(`
-@@ -222,6 +255,36 @@ optional_policy(`
+@@ -222,6 +255,37 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -887,6 +887,7 @@ index eb50f07..1c4fbd3 100644
 +
 +optional_policy(`
 +    mta_send_mail(abrt_t)
++    mta_manage_home_rw(abrt_t)
 +')
 +
 +optional_policy(`
@@ -907,7 +908,7 @@ index eb50f07..1c4fbd3 100644
  	policykit_domtrans_auth(abrt_t)
  	policykit_read_lib(abrt_t)
  	policykit_read_reload(abrt_t)
-@@ -234,18 +297,25 @@ optional_policy(`
+@@ -234,18 +298,25 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -936,7 +937,7 @@ index eb50f07..1c4fbd3 100644
  
  optional_policy(`
  	sosreport_domtrans(abrt_t)
-@@ -253,9 +323,21 @@ optional_policy(`
+@@ -253,9 +324,21 @@ optional_policy(`
  	sosreport_delete_tmp_files(abrt_t)
  ')
  
@@ -959,7 +960,7 @@ index eb50f07..1c4fbd3 100644
  #
  
  allow abrt_handle_event_t self:fifo_file rw_fifo_file_perms;
-@@ -266,9 +348,13 @@ tunable_policy(`abrt_handle_event',`
+@@ -266,9 +349,13 @@ tunable_policy(`abrt_handle_event',`
  	can_exec(abrt_t, abrt_handle_event_exec_t)
  ')
  
@@ -974,7 +975,7 @@ index eb50f07..1c4fbd3 100644
  #
  
  allow abrt_helper_t self:capability { chown setgid sys_nice };
-@@ -281,6 +367,7 @@ manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
+@@ -281,6 +368,7 @@ manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
  manage_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
  manage_lnk_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
  files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir })
@@ -982,7 +983,7 @@ index eb50f07..1c4fbd3 100644
  
  read_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
  read_lnk_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
-@@ -289,15 +376,20 @@ corecmd_read_all_executables(abrt_helper_t)
+@@ -289,15 +377,20 @@ corecmd_read_all_executables(abrt_helper_t)
  
  domain_read_all_domains_state(abrt_helper_t)
  
@@ -1003,7 +1004,7 @@ index eb50f07..1c4fbd3 100644
  	userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
  	userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
  	dev_dontaudit_read_all_blk_files(abrt_helper_t)
-@@ -305,11 +397,25 @@ ifdef(`hide_broken_symptoms',`
+@@ -305,11 +398,25 @@ ifdef(`hide_broken_symptoms',`
  	dev_dontaudit_write_all_chr_files(abrt_helper_t)
  	dev_dontaudit_write_all_blk_files(abrt_helper_t)
  	fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
@@ -1030,7 +1031,7 @@ index eb50f07..1c4fbd3 100644
  #
  
  allow abrt_retrace_coredump_t self:fifo_file rw_fifo_file_perms;
-@@ -327,10 +433,12 @@ corecmd_exec_shell(abrt_retrace_coredump_t)
+@@ -327,10 +434,12 @@ corecmd_exec_shell(abrt_retrace_coredump_t)
  
  dev_read_urand(abrt_retrace_coredump_t)
  
@@ -1044,7 +1045,7 @@ index eb50f07..1c4fbd3 100644
  optional_policy(`
  	rpm_exec(abrt_retrace_coredump_t)
  	rpm_dontaudit_manage_db(abrt_retrace_coredump_t)
-@@ -343,10 +451,11 @@ optional_policy(`
+@@ -343,10 +452,11 @@ optional_policy(`
  
  #######################################
  #
@@ -1058,7 +1059,7 @@ index eb50f07..1c4fbd3 100644
  allow abrt_retrace_worker_t self:fifo_file rw_fifo_file_perms;
  
  domtrans_pattern(abrt_retrace_worker_t, abrt_retrace_coredump_exec_t, abrt_retrace_coredump_t)
-@@ -365,38 +474,84 @@ corecmd_exec_shell(abrt_retrace_worker_t)
+@@ -365,38 +475,84 @@ corecmd_exec_shell(abrt_retrace_worker_t)
  
  dev_read_urand(abrt_retrace_worker_t)
  
@@ -1147,7 +1148,7 @@ index eb50f07..1c4fbd3 100644
  
  #######################################
  #
-@@ -404,25 +559,60 @@ logging_read_generic_logs(abrt_dump_oops_t)
+@@ -404,25 +560,60 @@ logging_read_generic_logs(abrt_dump_oops_t)
  #
  
  allow abrt_watch_log_t self:fifo_file rw_fifo_file_perms;
@@ -1210,7 +1211,7 @@ index eb50f07..1c4fbd3 100644
  ')
  
  #######################################
-@@ -430,10 +620,7 @@ tunable_policy(`abrt_upload_watch_anon_write',`
+@@ -430,10 +621,7 @@ tunable_policy(`abrt_upload_watch_anon_write',`
  # Global local policy
  #
  
@@ -75644,7 +75645,7 @@ index ded95ec..3cf7146 100644
 +	postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch")
  ')
 diff --git a/postfix.te b/postfix.te
-index 5cfb83e..b140dcb 100644
+index 5cfb83e..9cfa754 100644
 --- a/postfix.te
 +++ b/postfix.te
 @@ -6,27 +6,23 @@ policy_module(postfix, 1.15.1)
@@ -75822,9 +75823,8 @@ index 5cfb83e..b140dcb 100644
 -########################################
 -#
 -# Common postfix user domain local policy
-+# Postfix master process local policy
+-#
- #
+-
- 
 -allow postfix_user_domains self:capability dac_override;
 -
 -domain_use_interactive_fds(postfix_user_domains)
@@ -75832,8 +75832,9 @@ index 5cfb83e..b140dcb 100644
 -########################################
 -#
 -# Master local policy
--#
++# Postfix master process local policy
--
+ #
+ 
 -allow postfix_master_t self:capability { chown dac_override kill fowner setgid setuid sys_tty_config };
 +# chown is to set the correct ownership of queue dirs
 +allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config };
@@ -76206,7 +76207,7 @@ index 5cfb83e..b140dcb 100644
  files_read_etc_runtime_files(postfix_map_t)
  files_dontaudit_search_var(postfix_map_t)
  
-@@ -508,21 +422,22 @@ auth_use_nsswitch(postfix_map_t)
+@@ -508,21 +422,24 @@ auth_use_nsswitch(postfix_map_t)
  
  logging_send_syslog_msg(postfix_map_t)
  
@@ -76227,12 +76228,14 @@ index 5cfb83e..b140dcb 100644
 +# Postfix pickup local policy
  #
  
++dontaudit postfix_pickup_t self:capability net_admin;
++
 +allow postfix_pickup_t self:tcp_socket create_socket_perms;
 +
  stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
  
  rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
-@@ -532,21 +447,21 @@ allow postfix_pickup_t postfix_spool_t:dir list_dir_perms;
+@@ -532,21 +449,21 @@ allow postfix_pickup_t postfix_spool_t:dir list_dir_perms;
  read_files_pattern(postfix_pickup_t, postfix_spool_t, postfix_spool_t)
  delete_files_pattern(postfix_pickup_t, postfix_spool_t, postfix_spool_t)
  
@@ -76258,7 +76261,7 @@ index 5cfb83e..b140dcb 100644
  
  write_fifo_files_pattern(postfix_pipe_t, postfix_public_t, postfix_public_t)
  
-@@ -557,6 +472,10 @@ domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+@@ -557,6 +474,10 @@ domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
  corecmd_exec_bin(postfix_pipe_t)
  
  optional_policy(`
@@ -76269,7 +76272,7 @@ index 5cfb83e..b140dcb 100644
  	dovecot_domtrans_deliver(postfix_pipe_t)
  ')
  
-@@ -584,19 +503,28 @@ optional_policy(`
+@@ -584,19 +505,28 @@ optional_policy(`
  
  ########################################
  #
@@ -76303,7 +76306,7 @@ index 5cfb83e..b140dcb 100644
  
  term_dontaudit_use_all_ptys(postfix_postdrop_t)
  term_dontaudit_use_all_ttys(postfix_postdrop_t)
-@@ -611,10 +539,7 @@ optional_policy(`
+@@ -611,10 +541,7 @@ optional_policy(`
  	cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
  ')
  
@@ -76315,7 +76318,7 @@ index 5cfb83e..b140dcb 100644
  optional_policy(`
  	fstools_read_pipes(postfix_postdrop_t)
  ')
-@@ -629,17 +554,24 @@ optional_policy(`
+@@ -629,17 +556,24 @@ optional_policy(`
  
  #######################################
  #
@@ -76343,7 +76346,7 @@ index 5cfb83e..b140dcb 100644
  
  init_sigchld_script(postfix_postqueue_t)
  init_use_script_fds(postfix_postqueue_t)
-@@ -655,69 +587,78 @@ optional_policy(`
+@@ -655,69 +589,78 @@ optional_policy(`
  
  ########################################
  #
@@ -76440,7 +76443,7 @@ index 5cfb83e..b140dcb 100644
  ')
  
  optional_policy(`
-@@ -730,28 +671,32 @@ optional_policy(`
+@@ -730,28 +673,32 @@ optional_policy(`
  
  ########################################
  #
@@ -76481,7 +76484,7 @@ index 5cfb83e..b140dcb 100644
  
  optional_policy(`
  	dovecot_stream_connect_auth(postfix_smtpd_t)
-@@ -764,6 +709,7 @@ optional_policy(`
+@@ -764,6 +711,7 @@ optional_policy(`
  
  optional_policy(`
  	milter_stream_connect_all(postfix_smtpd_t)
@@ -76489,7 +76492,7 @@ index 5cfb83e..b140dcb 100644
  ')
  
  optional_policy(`
-@@ -774,31 +720,101 @@ optional_policy(`
+@@ -774,31 +722,101 @@ optional_policy(`
  	sasl_connect(postfix_smtpd_t)
  ')
  

selinux-policy.spec

@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 250%{?dist}
+Release: 251%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -682,6 +682,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Apr 18 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-251
+- Fix abrt module to reflect all changes in abrt release
+
 * Tue Apr 18 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-250
 - Allow tlp_t domain to ioctl removable devices BZ(1436830)
 - Allow tlp_t domain domtrans into mount_t BZ(1442571)