* Sat Feb 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-20
    - Allow sensord_t domain to use nsswitch and execute shell
    - Allow opafm_t domain to execute lib_t files
    - Allow opafm_t domain to manage kdump_crash_t files and dirs
    - Allow virt domains to read/write cephfs filesystems
    - Allow virtual machine to write to fixed_disk_device_t
    - Update kdump_manage_crash() interface to allow also manage dirs by caller domain Resolves: rhbz#1491585
    - Allow svnserve_t domain to create in /tmp svn_0 file labeled as krb5_host_rcache_t
    - Allow vhostmd_t read libvirt configuration files
    - Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains
    - Add miscfiles_filetrans_named_content_letsencrypt() to optional_block - Allow unconfined domains to create letsencrypt directory in /var/lib labeled as cert_t - Allow staff_t user to systemctl iptables units. - Allow systemd to read selinux logind config - obj_perm_sets.spt: Add xdp_socket to socket_class_set. - Add xdp_socket security class and access vectors - Allow transition from init_t domain to user_t domain during ssh login with confined user user_u