From c27a202c2588c78e99e4217d4c8c3333423a141d Mon Sep 17 00:00:00 2001
From: Lukas Vrabec
Date: Aug 13 2019 16:06:41 +0000
Subject: * Tue Aug 13 2019 Lukas Vrabec - 3.14.3-44
- cockpit: Allow cockpit-session to read cockpit-tls state
- Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983)
- Allow named_t domain to read/write samba_var_t files BZ(1738794)
- Dontaudit abrt_t domain to read root_t files
- Allow ipa_dnskey_t domain to read kerberos keytab
- Allow mongod_t domain to read cgroup_t files BZ(1739357)
- Update ibacm_t policy
- Allow dlm_controld_t domain setgid capability
- Allow tlp domain run tlp in trace mode BZ(1737106)
- Allow cgdcbxd_t domain to list cgroup dirs
- Update ctdbd_t policy
- Update bind_read_cache() interface to allow caller domain also list named_cache_t dirs.
- Allow xdm_t domain to read kernel sysctl BZ(1740385)
- Add sys_admin capability for xdm_t in user namespace. BZ(1740386)
- Allow dbus communications with resolved for DNS lookups
- Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp
- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t
- Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs
- Run lvmdbusd service as lvm_t
---
diff --git a/.gitignore b/.gitignore
index 54c9035..f6d961f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -384,3 +384,5 @@ serefpolicy*
 /selinux-policy-5373647.tar.gz
 /selinux-policy-contrib-f8a4967.tar.gz
 /selinux-policy-e60861f.tar.gz
+/selinux-policy-contrib-eec7545.tar.gz
+/selinux-policy-7a4c452.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2961b53..a48b6eb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 e60861f43f5665a74a6ceae63ad61d0d0ae68da8
+%global commit0 7a4c452d615d438412dc4b9aadb057f69ba24f03
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 f8a4967830dfe3cfbaaf2b4560fe53ca313527f2
+%global commit1 eec7545a176b76c2193a2faef048a82c6477ae15
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -714,6 +714,27 @@ exit 0
 %endif
 %changelog
+* Tue Aug 13 2019 Lukas Vrabec - 3.14.3-44
+- cockpit: Allow cockpit-session to read cockpit-tls state
+- Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983)
+- Allow named_t domain to read/write samba_var_t files BZ(1738794)
+- Dontaudit abrt_t domain to read root_t files
+- Allow ipa_dnskey_t domain to read kerberos keytab
+- Allow mongod_t domain to read cgroup_t files BZ(1739357)
+- Update ibacm_t policy
+- Allow dlm_controld_t domain setgid capability
+- Allow tlp domain run tlp in trace mode BZ(1737106)
+- Allow cgdcbxd_t domain to list cgroup dirs
+- Update ctdbd_t policy
+- Update bind_read_cache() interface to allow caller domain also list named_cache_t dirs.
+- Allow xdm_t domain to read kernel sysctl BZ(1740385)
+- Add sys_admin capability for xdm_t in user namespace. BZ(1740386)
+- Allow dbus communications with resolved for DNS lookups
+- Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp
+- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t
+- Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs
+- Run lvmdbusd service as lvm_t
+
 * Tue Jul 30 2019 Lukas Vrabec - 3.14.3-43
 - Allow dhcpd_t domain to read network sysctls.
 - Allow nut services to communicate with unconfined domains
diff --git a/sources b/sources
index ccb2a95..fd71bd0 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-f8a4967.tar.gz) = d2cc99b262c523fe7947a24d767d7e056b59b5ebee6edc477b0a24b1112cc7158242457b7a9575ed326774ab21497e97a658ad49de79c717bbb8565d52be87ac
-SHA512 (selinux-policy-e60861f.tar.gz) = e3358189b7bfe132cb1c2381b5c3c4486ebe55eda553156dc58b37a0b95235b0419aef2bce2e9e41bb33a8db374029d94584687083dca833820a6c3115ca2293
-SHA512 (container-selinux.tgz) = 625479aff3b1a890e70cb5eeb0304ab3e247358b0e6356e5df3880bc99f21bd57376088c59783c11a4604edae0b0503ae34934408153146bbb9e8ec77497aed3
+SHA512 (selinux-policy-contrib-eec7545.tar.gz) = dcf08980d55882543d0eb55567928b421cafabf2ebef34ca2400368381136e9e2eeea1d9bac51af9da0b1a0f3a6f4729d32ca1ba968810b5d75446d07a9756ca
+SHA512 (selinux-policy-7a4c452.tar.gz) = 82c4202db9e4af212881fca596bad8733551f46616f45048a7a36bd1642247435fe3da12c78a06b963eecf1a0ab94161c0d800eccf887b172001d4ef53516bb2
+SHA512 (container-selinux.tgz) = ee736ccb89462fef600c34c192c6eafc58738a670dffa013c525891fff7c99f09cec634720d6abc0275860e2738061c13cea22988abb21695b6488c91e1ff194
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
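Review bot: The `container-selinux.tgz` entry receives a new SHA512 in this hunk, but unlike the two policy tarballs its file name carries no commit id, and the changelog entry added by this commit does not mention a container-selinux update. From the patch alone, someone auditing the build cannot tell which upstream revision the new digest corresponds to or whether the content change was intended. Consider naming the archive after its commit, as is done for `selinux-policy-7a4c452.tar.gz`, or recording the revision in the changelog entry. How the spec obtains this archive is not visible in these hunks, so the revision may already be tracked elsewhere.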