* Sun May 14 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-225.15
    - auth_use_nsswitch can call only domain not attribute
    - Fix broken cermonger module
    - Dontaudit net_admin cap for winbind_t
    - Allow tlp_t domain to stream connect to system bus
    - Allow hypervkvp_t domain execute hostname
    - Dontaudit sssd_selinux_manager_t use of net_admin capability
    - Allow sssd_selinux_manager_t to ioctl init_t sockets
    - Allow pki_tomcat_t domain read /etc/passwd.
    - Label new path for ipa-otpd
    - Allow radiusd_t domain stream connect to postgresql_t
    - Allow rhsmcertd_t to execute hostname_exec_t binaries.
    - Allow virtlogd to append nfs_t files when virt_use_nfs=1
    - Allow httpd_t domain read also httpd_user_content_type lnk_files.
    - Dontaudit <user>_gkeyringd_t stream connect to system_dbusd_t
    - Label /var/www/html/nextcloud/data as httpd_sys_rw_content_t
    - Add interface ipa_filetrans_named_content()
    - Allow tomcat use nsswitch
    - Allow dirsrv read cgroup files.
    - Allow certmonger_t start/status generic services
    - Allow sendmail_t domain sysctl_net_t files
    - Allow targetd_t domain read network state and getattr on loop_control_device_t
    - Allow condor_schedd_t domain send mails.
    - Fixed typo bugs from sssd module
    - Fix typo in sssd interface file
    - Add sssd_secrets labeling
    - Allow ntpd to creating sockets. BZ(1434395)
    - Revert "Allow <role>_su_t to create netlink_selinux_socket"
    - Allow <role>_su_t to create netlink_selinux_socket
    - Allow unconfined_t to module_load any file
    - Allow staff to systemctl virt server when staff_use_svirt=1
    - Allow unconfined_t create /tmp/ca.p12 file with ipa_tmp_t context
    - Allow netutils setpcap capability
    - Dontaudit leaked file descriptor happening in setfiles_t domain BZ(1388124)