* Tue Jun 18 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-39
    - Add vnstatd_var_lib_t to mountpoint attribute BZ(1648864)
    - cockpit: Support split-out TLS proxy
    - Allow dkim_milter_t to use shell BZ(1716937)
    - Create explicit fc rule for mailman executable BZ(1666004)
    - Update interface networkmanager_manage_pid_files() to allow manage also dirs
    - Allow dhcpd_t domain to mmap dnssec_t files BZ(1718701)
    - Add new interface bind_map_dnssec_keys()
    - Update virt_use_nfs() boolean to allow virt_t to mmap nfs_t files
    - Allow redis_t domain to read public sssd files
    - Allow fetchmail_t to connect to dovecot stream sockets BZ(1715569)
    - Allow confined users to login via cockpit
    - Allow nfsd_t domain to do chroot becasue of new version of nfsd
    - Add gpg_agent_roles to system_r roles
    - Allow qpidd_t domain to getattr all fs_t filesystem and mmap usr_t files
    - Allow rhsmcertd_t domain to manage rpm cache
    - Allow sbd_t domain to read tmpfs_t symlinks
    - Allow ctdb_t domain to manage samba_var_t files/links/sockets and dirs
    - Allow kadmind_t domain to read home config data
    - Allow sbd_t domain to readwrite cgroups
    - Allow NetworkManager_t domain to read nsfs_t files BZ(1715597)
    - Label /var/log/pacemaker/pacemaker as cluster_var_log_t
    - Allow certmonger_t domain to manage named cache files/dirs
    - Allow pcp_pmcd_t domain to domtrans to mdadm_t domain BZ(1714800)
    - Allow crack_t domain read /et/passwd files
    - Label fontconfig cache and config files and directories BZ(1659905)
    - Allow dhcpc_t domain to manage network manager pid files
    - Label /usr/sbin/nft as iptables_exec_t
    - Allow userdomain attribute to manage cockpit_ws_t stream sockets
    - Allow ssh_agent_type to read/write cockpit_session_t unnamed pipes
    - Add interface ssh_agent_signal()