* Mon Apr 03 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-225.12
    - Allow drbd load modules
    - Revert "Add sys_module capability for drbd"
    - Fix cockpit module
    - Allow sssd responders to run as socket activated services
    - Allow radius_t domain ptrace
    - Update pcp SELinux module to reflect all pcp changes
    - Revert "Remove tomcat_t domain from unconfined domains"
    - Label /var/lib/ssl_db as squid_cache_t Label /etc/squid/ssl_db as squid_cache_t
    - Allow pcp_pmcd_t domain search for network sysctl Allow pcp_pmcd_t domain sys_ptrace capability
    - Update targetd policy
    - Label /run/haproxy.sock socket as haproxy_var_run_t
    - Allow oddjob_mkhomedir_t to mamange autofs_t dirs.
    - Allow tomcat to connect on http_cache_port_t
    - Allow nova domain search for httpd configuration.
    - Add sys_module capability for drbd
    - Allow cloud_init to send dbus messages to the init system
    - Dontaudit postfix domains to request modules
    - Add haproxy_t domain fowner capability
    - Allow domain transition from ntpd_t to hwclock_t domains
    - Allow cockpit_session_t setrlimit and sys_resource
    - Dontaudit svirt_t read state of libvirtd domain
    - Update httpd and gssproxy modules to reflects latest changes in freeipa
    - Make fwupd_var_lib_t type mountpoint. BZ(1429341)
    - Remove tomcat_t domain from unconfined domains
    - Create new boolean: sanlock_enable_home_dirs()
    - Allow mdadm_t domain to read/write nvme_device_t
    - Allow cyrus stream connect to gssproxy
    - Label /usr/libexec/cockpit-ssh as cockpit_session_exec_t and allow few rules
    - Allow colord_t to read systemd hwdb.bin file
    - Allow dirsrv_t to create /var/lock/dirsrv labeled as dirsrc_var_lock_t
    - Allow ptp4l wake_alarm capability
    - Add nmbd_t capability2 block_suspend
    - Add domain transition from sosreport_t to iptables_t