* Thu Jul 30 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-22
    - Allow virtlockd only getattr and lock block devices
    - Allow qemu-ga read all non security file types conditionally
    - Allow virtlockd manage VMs posix file locks
    - Allow smbd get attributes of device files labeled samba_share_t
    - Label /tmp/krb5_0.rcache2 with krb5_host_rcache_t
    - Add a new httpd_can_manage_courier_spool boolean
    - Create interface courier_manage_spool_sockets() in courier policy to allow to search dir and allow manage sock files
    - Revert "Allow qemu-kvm read and write /dev/mapper/control"
    - Revert "Allow qemu read and write /dev/mapper/control"
    - Revert "Dontaudit and disallow sys_admin capability for keepalived_t domain"
    - Dontaudit pcscd_t setting its process scheduling
    - Dontaudit thumb_t setting its process scheduling
    - Allow munin domain transition with NoNewPrivileges
    - Add dev_lock_all_blk_files() interface
    - Allow auditd manage kerberos host rcache files
    - Allow systemd-logind dbus chat with fwupd