* Sat Apr 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-12
    - Add new boolean redis_enable_notify()
    - Label  /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t
    - Add new label for vmtools scripts and label it as vmtools_unconfined_t stored in /etc/vmware-tools/
    - Allow svnserve_t domain to manage kerberos rcache and read krb5 keytab
    - Add dac_override and dac_read_search capability to hypervvssd_t domain
    - Label /usr/lib/systemd/systemd-fence_sanlockd as fenced_exec_t
    - Allow samba to create /tmp/host_0 as krb5_host_rcache_t
    - Add dac_override capability to fsdaemon_t BZ(1564143)
    - Allow abrt_t domain to map dos files BZ(1564193)
    - Add dac_override capability to automount_t domain
    - Allow keepalived_t domain to connect to system dbus bus
    - Allow nfsd_t to read nvme block devices BZ(1562554)
    - Allow lircd_t domain to execute bin_t files BZ(1562835)
    - Allow l2tpd_t domain to read sssd public files BZ(1563355)
    - Allow logrotate_t domain to do dac_override BZ(1539327)
    - Remove labeling for /etc/vmware-tools to bin_t it should be vmtools_unconfined_exec_t
    - Add capability sys_resource to systemd_sysctl_t domain
    - Label all /dev/rbd* devices as fixed_disk_device_t
    - Allow xdm_t domain to mmap xserver_log_t files BZ(1564469)
    - Allow local_login_t domain to rread udev db
    - Allow systemd_gpt_generator_t to read /dev/random device
    - add definition of bpf class and systemd perms