From c5179b80038774ccee06b4d45c05fe4aa7336c68 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Feb 24 2014 12:33:03 +0000 Subject: * Mon Feb 24 2014 Lukas Vrabec 3.12.1-74.19 - Added var_lib filetrans in iscsi policy - Allow iscsi to manage iscsi_var_lib_t files and dirs - Fixed openvswitch policy - zabbix_agent uses nsswitch - Allow procmail and dovecot to work together to deliver mail - Allow spamd to execute files in homedir if boolean turned on - Allow openvswitch to listen on port 6634 - Allow mailserver_domains to manage and transition to mailman data - Add label for openvswitch port --- diff --git a/policy-f19-base.patch b/policy-f19-base.patch index da6bf89..14358b4 100644 --- a/policy-f19-base.patch +++ b/policy-f19-base.patch @@ -5428,7 +5428,7 @@ index 8e0f9cd..b9f45b9 100644 define(`create_packet_interfaces',`` diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in -index 4edc40d..12b06be 100644 +index 4edc40d..0402154 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -5,6 +5,7 @@ policy_module(corenetwork, 1.18.4) @@ -5633,7 +5633,7 @@ index 4edc40d..12b06be 100644 network_port(msnp, tcp,1863,s0, udp,1863,s0) network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0) network_port(ms_streaming, tcp,1755,s0, udp,1755,s0) -@@ -185,26 +221,34 @@ network_port(munin, tcp,4949,s0, udp,4949,s0) +@@ -185,26 +221,35 @@ network_port(munin, tcp,4949,s0, udp,4949,s0) network_port(mxi, tcp,8005,s0, udp,8005,s0) network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0) network_port(mysqlmanagerd, tcp,2273,s0) @@ -5654,6 +5654,7 @@ index 4edc40d..12b06be 100644 network_port(ocsp, tcp,9080,s0) network_port(openhpid, tcp,4743,s0, udp,4743,s0) network_port(openvpn, tcp,1194,s0, udp,1194,s0) ++network_port(openvswitch, tcp,6634,s0) +network_port(osapi_compute, tcp, 8774, s0) network_port(pdps, tcp,1314,s0, udp,1314,s0) network_port(pegasus_http, tcp,5988,s0) 
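Review bot: `++network_port(openvswitch, tcp,6634,s0)` moves TCP 6634 out of the generic unreserved/unlabeled port range into its own openvswitch_port_t, so any domain other than openvswitch_t that currently reaches that port through generic high-port rules will be denied once this patch is applied; this hunk only declares the type, and the bind side lives in openvswitch.te further down. Whoever connects to that listener, if anything runs outside openvswitch_t, will need the generated `corenet_tcp_connect_openvswitch_port` interface, which nothing in this commit grants. A short why-comment on the new line, e.g. `# listener bound by openvswitch_t, see openvswitch.te`, would record the reason the port is labeled.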
@@ -5672,7 +5673,7 @@ index 4edc40d..12b06be 100644 network_port(portmap, udp,111,s0, tcp,111,s0) network_port(postfix_policyd, tcp,10031,s0) network_port(postgresql, tcp,5432,s0) -@@ -214,38 +258,45 @@ network_port(prelude, tcp,4690,s0, udp,4690,s0) +@@ -214,38 +259,45 @@ network_port(prelude, tcp,4690,s0, udp,4690,s0) network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0) network_port(printer, tcp,515,s0) network_port(ptal, tcp,5703,s0) @@ -5725,7 +5726,7 @@ index 4edc40d..12b06be 100644 network_port(ssh, tcp,22,s0) network_port(stunnel) # no defined portcon network_port(svn, tcp,3690,s0, udp,3690,s0) -@@ -257,8 +308,9 @@ network_port(syslog_tls, tcp,6514,s0, udp,6514,s0) +@@ -257,8 +309,9 @@ network_port(syslog_tls, tcp,6514,s0, udp,6514,s0) network_port(tcs, tcp, 30003, s0) network_port(telnetd, tcp,23,s0) network_port(tftp, udp,69,s0) @@ -5736,7 +5737,7 @@ index 4edc40d..12b06be 100644 network_port(transproxy, tcp,8081,s0) network_port(trisoap, tcp,10200,s0, udp,10200,s0) network_port(ups, tcp,3493,s0) -@@ -268,10 +320,10 @@ network_port(varnishd, tcp,6081-6082,s0) +@@ -268,10 +321,10 @@ network_port(varnishd, tcp,6081-6082,s0) network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0) network_port(virtual_places, tcp,1533,s0, udp,1533,s0) network_port(virt_migration, tcp,49152-49216,s0) @@ -5749,7 +5750,7 @@ index 4edc40d..12b06be 100644 network_port(winshadow, tcp,3161,s0, udp,3261,s0) network_port(wsdapi, tcp,5357,s0, udp,5357,s0) network_port(wsicopy, tcp,3378,s0, udp,3378,s0) -@@ -292,12 +344,16 @@ network_port(zope, tcp,8021,s0) +@@ -292,12 +345,16 @@ network_port(zope, tcp,8021,s0) # Defaults for reserved ports. Earlier portcon entries take precedence; # these entries just cover any remaining reserved ports not otherwise declared. 
@@ -5768,7 +5769,7 @@ index 4edc40d..12b06be 100644 ######################################## # -@@ -330,6 +386,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh) +@@ -330,6 +387,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh) build_option(`enable_mls',` network_interface(lo, lo, s0 - mls_systemhigh) @@ -5777,7 +5778,7 @@ index 4edc40d..12b06be 100644 ',` typealias netif_t alias { lo_netif_t netif_lo_t }; ') -@@ -342,9 +400,24 @@ typealias netif_t alias { lo_netif_t netif_lo_t }; +@@ -342,9 +401,24 @@ typealias netif_t alias { lo_netif_t netif_lo_t }; allow corenet_unconfined_type node_type:node *; allow corenet_unconfined_type netif_type:netif *; allow corenet_unconfined_type packet_type:packet *; diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch index f12084f..e7fd9c2 100644 --- a/policy-f19-contrib.patch +++ b/policy-f19-contrib.patch @@ -21958,7 +21958,7 @@ index c880070..4448055 100644 -/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) +/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) diff --git a/dovecot.if b/dovecot.if -index dbcac59..66d42bb 100644 +index dbcac59..067c453 100644 --- a/dovecot.if +++ b/dovecot.if @@ -1,29 +1,49 @@ @@ -22085,8 +22085,29 @@ index dbcac59..66d42bb 100644 ## ## ## -@@ -122,8 +138,8 @@ interface(`dovecot_write_inherited_tmp_files',` +@@ -120,10 +136,29 @@ interface(`dovecot_write_inherited_tmp_files',` + allow $1 dovecot_tmp_t:file write; + ') ++#################################### ++## ++## Read dovecot configuration file. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`dovecot_read_config',` ++ gen_require(` ++ type dovecot_etc_t; ++ ') ++ ++ files_search_etc($1) ++ read_files_pattern($1, dovecot_etc_t, dovecot_etc_t) ++') ++ ######################################## ## -## All of the rules required to 
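Review bot: The header rule above the new `dovecot_read_config` interface (`++####…`) appears shorter than the `########################################` rule used by the neighbouring interface headers in dovecot.if, and as rendered here the doc block carries no `<summary>`/`<param name="domain">` tags around its text; that may be an extraction artifact, but it is worth confirming because the interface documentation tooling keys on those tags. The interface also grants read on every dovecot_etc_t file, and dovecot configuration can hold authentication-backend credentials, so the summary should say so, e.g. `## Read dovecot configuration files (may contain credentials).`, so that callers such as procmail are added deliberately rather than as a convenience.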
@@ -22096,7 +22117,7 @@ index dbcac59..66d42bb 100644 ## ## ## -@@ -132,21 +148,24 @@ interface(`dovecot_write_inherited_tmp_files',` +@@ -132,21 +167,24 @@ interface(`dovecot_write_inherited_tmp_files',` ## ## ## @@ -22127,7 +22148,7 @@ index dbcac59..66d42bb 100644 init_labeled_script_domtrans($1, dovecot_initrc_exec_t) domain_system_change_exemption($1) -@@ -156,20 +175,25 @@ interface(`dovecot_admin',` +@@ -156,20 +194,25 @@ interface(`dovecot_admin',` files_list_etc($1) admin_pattern($1, dovecot_etc_t) @@ -30709,7 +30730,7 @@ index 1a35420..4b9b978 100644 logging_search_logs($1) admin_pattern($1, iscsi_log_t) diff --git a/iscsi.te b/iscsi.te -index 57304e4..46e5e3d 100644 +index 57304e4..2657302 100644 --- a/iscsi.te +++ b/iscsi.te @@ -9,8 +9,8 @@ type iscsid_t; @@ -30733,7 +30754,20 @@ index 57304e4..46e5e3d 100644 allow iscsid_t self:process { setrlimit setsched signal }; allow iscsid_t self:fifo_file rw_fifo_file_perms; allow iscsid_t self:unix_stream_socket { accept connectto listen }; -@@ -64,11 +63,12 @@ files_pid_filetrans(iscsid_t, iscsi_var_run_t, file) +@@ -55,20 +54,22 @@ manage_dirs_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t) + manage_files_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t) + fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, { dir file }) + +-allow iscsid_t iscsi_var_lib_t:dir list_dir_perms; +-read_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t) +-read_lnk_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t) ++manage_dirs_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t) ++manage_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t) ++manage_lnk_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t) ++files_var_lib_filetrans(iscsid_t, iscsi_var_lib_t, dir) + + manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t) + files_pid_filetrans(iscsid_t, iscsi_var_run_t, file) can_exec(iscsid_t, iscsid_exec_t) 
@@ -30747,7 +30781,7 @@ index 57304e4..46e5e3d 100644 corenet_all_recvfrom_netlabel(iscsid_t) corenet_tcp_sendrecv_generic_if(iscsid_t) corenet_tcp_sendrecv_generic_node(iscsid_t) -@@ -85,21 +85,26 @@ corenet_sendrecv_isns_client_packets(iscsid_t) +@@ -85,21 +86,26 @@ corenet_sendrecv_isns_client_packets(iscsid_t) corenet_tcp_connect_isns_port(iscsid_t) corenet_tcp_sendrecv_isns_port(iscsid_t) @@ -53278,7 +53312,7 @@ index 9b15730..eedd136 100644 + ') ') diff --git a/openvswitch.te b/openvswitch.te -index 508fedf..a499612 100644 +index 508fedf..ce582bf 100644 --- a/openvswitch.te +++ b/openvswitch.te @@ -1,4 +1,4 @@ @@ -53301,7 +53335,7 @@ index 508fedf..a499612 100644 type openvswitch_var_lib_t; files_type(openvswitch_var_lib_t) -@@ -21,23 +18,33 @@ files_type(openvswitch_var_lib_t) +@@ -21,23 +18,34 @@ files_type(openvswitch_var_lib_t) type openvswitch_log_t; logging_log_file(openvswitch_log_t) @@ -53329,6 +53363,7 @@ index 508fedf..a499612 100644 -allow openvswitch_t self:rawip_socket create_socket_perms; -allow openvswitch_t self:unix_stream_socket { accept connectto listen }; +allow openvswitch_t self:unix_stream_socket { create_stream_socket_perms connectto }; ++allow openvswitch_t self:tcp_socket create_stream_socket_perms; +allow openvswitch_t self:netlink_socket create_socket_perms; +allow openvswitch_t self:netlink_route_socket rw_netlink_socket_perms; @@ -53343,7 +53378,7 @@ index 508fedf..a499612 100644 manage_dirs_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_lib_t) manage_files_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_lib_t) -@@ -45,45 +52,53 @@ manage_lnk_files_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_l +@@ -45,45 +53,56 @@ manage_lnk_files_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_l files_var_lib_filetrans(openvswitch_t, openvswitch_var_lib_t, { dir file lnk_file }) manage_dirs_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t) 
@@ -53369,12 +53404,14 @@ index 508fedf..a499612 100644 - kernel_read_network_state(openvswitch_t) kernel_read_system_state(openvswitch_t) -- ++kernel_request_load_module(openvswitch_t) + -corenet_all_recvfrom_unlabeled(openvswitch_t) -corenet_all_recvfrom_netlabel(openvswitch_t) -corenet_raw_sendrecv_generic_if(openvswitch_t) -corenet_raw_sendrecv_generic_node(openvswitch_t) -+kernel_request_load_module(openvswitch_t) ++corenet_tcp_bind_generic_node(openvswitch_t) ++corenet_tcp_bind_openvswitch_port(openvswitch_t) corecmd_exec_bin(openvswitch_t) +corecmd_exec_shell(openvswitch_t) @@ -62059,7 +62096,7 @@ index 00edeab..166e9c3 100644 + read_files_pattern($1, procmail_home_t, procmail_home_t) ') diff --git a/procmail.te b/procmail.te -index d447152..73c437c 100644 +index d447152..4a6d5d5 100644 --- a/procmail.te +++ b/procmail.te @@ -1,4 +1,4 @@ @@ -62094,7 +62131,7 @@ index d447152..73c437c 100644 allow procmail_t procmail_log_t:dir setattr_dir_perms; create_files_pattern(procmail_t, procmail_log_t, procmail_log_t) append_files_pattern(procmail_t, procmail_log_t, procmail_log_t) -@@ -40,89 +44,106 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir }) +@@ -40,89 +44,107 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir }) allow procmail_t procmail_tmp_t:file manage_file_perms; files_tmp_filetrans(procmail_t, procmail_tmp_t, file) @@ -62200,6 +62237,7 @@ index d447152..73c437c 100644 optional_policy(` - cyrus_stream_connect(procmail_t) + dovecot_stream_connect(procmail_t) ++ dovecot_read_config(procmail_t) ') optional_policy(` @@ -62238,11 +62276,12 @@ index d447152..73c437c 100644 ') optional_policy(` -@@ -131,6 +152,8 @@ optional_policy(` +@@ -131,6 +153,9 @@ optional_policy(` ') optional_policy(` + mta_read_config(procmail_t) ++ mta_mailserver_delivery(procmail_t) + mta_manage_home_rw(procmail_t) sendmail_domtrans(procmail_t) sendmail_signal(procmail_t) @@ -83431,7 +83470,7 @@ index 1499b0b..6950cab 100644 - spamassassin_role($2, $1) ') 
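Review bot: `++corenet_tcp_bind_generic_node(openvswitch_t)` and `++corenet_tcp_bind_openvswitch_port(openvswitch_t)` give the daemon a TCP listener on the new port (the matching `self:tcp_socket create_stream_socket_perms` is in the previous openvswitch hunk), but no connect rule for the same domain; if any openvswitch tooling that runs in openvswitch_t talks to the daemon over TCP it will also need `corenet_tcp_connect_openvswitch_port(openvswitch_t)`, which cannot be determined from the hunk. `++kernel_request_load_module` is only moved, not new. A comment such as `# TCP listener on openvswitch_port_t (6634)` next to the bind rules would explain why this daemon, which otherwise uses unix and netlink sockets, now binds a network port.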
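Review bot: `++ mta_mailserver_delivery(procmail_t)` in the second procmail hunk makes procmail_t a member of the mailserver_delivery attribute, so it inherits every rule written against that attribute in the mta module (outside this patch), which is considerably broader than the "procmail and dovecot work together to deliver mail" entry in the changelog suggests; if the dovecot path is the only requirement, `dovecot_stream_connect` plus the `++ dovecot_read_config(procmail_t)` added in the first procmail hunk may already cover it. That config read also exposes whatever credentials live in dovecot_etc_t to a domain that runs on behalf of arbitrary recipients. A comment such as `# delivery into dovecot: needs its config and the delivery attribute` beside the new lines would record why both were added; the enclosing optional_policy blocks start above their hunks.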
diff --git a/spamassassin.te b/spamassassin.te -index 4faa7e0..4babad1 100644 +index 4faa7e0..a776c2c 100644 --- a/spamassassin.te +++ b/spamassassin.te @@ -1,4 +1,4 @@ @@ -83510,7 +83549,7 @@ index 4faa7e0..4babad1 100644 type spamd_initrc_exec_t; init_script_file(spamd_initrc_exec_t) -@@ -72,87 +39,196 @@ type spamd_log_t; +@@ -72,87 +39,197 @@ type spamd_log_t; logging_log_file(spamd_log_t) type spamd_spool_t; @@ -83712,6 +83751,7 @@ index 4faa7e0..4babad1 100644 + userdom_manage_user_home_content_dirs(spamd_t) + userdom_manage_user_home_content_files(spamd_t) + userdom_manage_user_home_content_symlinks(spamd_t) ++ userdom_exec_user_bin_files(spamd_t) ') -tunable_policy(`use_samba_home_dirs',` @@ -83729,7 +83769,7 @@ index 4faa7e0..4babad1 100644 nis_use_ypbind_uncond(spamassassin_t) ') ') -@@ -160,6 +236,8 @@ optional_policy(` +@@ -160,6 +237,8 @@ optional_policy(` optional_policy(` mta_read_config(spamassassin_t) sendmail_stub(spamassassin_t) @@ -83738,7 +83778,7 @@ index 4faa7e0..4babad1 100644 ') ######################################## -@@ -167,72 +245,85 @@ optional_policy(` +@@ -167,72 +246,85 @@ optional_policy(` # Client local policy # @@ -83855,7 +83895,7 @@ index 4faa7e0..4babad1 100644 optional_policy(` abrt_stream_connect(spamc_t) -@@ -243,6 +334,7 @@ optional_policy(` +@@ -243,6 +335,7 @@ optional_policy(` ') optional_policy(` @@ -83863,7 +83903,7 @@ index 4faa7e0..4babad1 100644 evolution_stream_connect(spamc_t) ') -@@ -251,52 +343,55 @@ optional_policy(` +@@ -251,52 +344,55 @@ optional_policy(` ') optional_policy(` @@ -83944,7 +83984,7 @@ index 4faa7e0..4babad1 100644 logging_log_filetrans(spamd_t, spamd_log_t, file) manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t) -@@ -308,7 +403,8 @@ manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) +@@ -308,7 +404,8 @@ manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) manage_files_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir }) 
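Review bot: `++ userdom_exec_user_bin_files(spamd_t)` sits inside a tunable block whose `tunable_policy` line and boolean name are above the hunk, so the boolean's description should now state that enabling it lets the spamd daemon execute user-writable binaries from home directories; that is the trade-off an administrator needs to see, since a user who can place an executable in their home then gets code run in spamd_t. Keep the rule gated by the same boolean as the home-content manage rules above it rather than unconditional, and a one-line comment such as `# executes user-owned binaries from home dirs; only behind the boolean` next to it would make the intent explicit for the next reader.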
@@ -83954,7 +83994,7 @@ index 4faa7e0..4babad1 100644 manage_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t) manage_lnk_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t) -@@ -317,12 +413,13 @@ manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) +@@ -317,12 +414,13 @@ manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) manage_sock_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) files_pid_filetrans(spamd_t, spamd_var_run_t, { file dir }) @@ -83970,7 +84010,7 @@ index 4faa7e0..4babad1 100644 corenet_all_recvfrom_netlabel(spamd_t) corenet_tcp_sendrecv_generic_if(spamd_t) corenet_udp_sendrecv_generic_if(spamd_t) -@@ -331,78 +428,58 @@ corenet_udp_sendrecv_generic_node(spamd_t) +@@ -331,78 +429,58 @@ corenet_udp_sendrecv_generic_node(spamd_t) corenet_tcp_sendrecv_all_ports(spamd_t) corenet_udp_sendrecv_all_ports(spamd_t) corenet_tcp_bind_generic_node(spamd_t) @@ -84073,7 +84113,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -421,21 +498,13 @@ optional_policy(` +@@ -421,21 +499,13 @@ optional_policy(` ') optional_policy(` @@ -84097,7 +84137,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -443,8 +512,8 @@ optional_policy(` +@@ -443,8 +513,8 @@ optional_policy(` ') optional_policy(` @@ -84107,7 +84147,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -455,7 +524,12 @@ optional_policy(` +@@ -455,7 +525,12 @@ optional_policy(` optional_policy(` razor_domtrans(spamd_t) razor_read_lib_files(spamd_t) @@ -84121,7 +84161,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -463,9 +537,9 @@ optional_policy(` +@@ -463,9 +538,9 @@ optional_policy(` ') optional_policy(` @@ -84132,7 +84172,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -474,32 +548,32 @@ optional_policy(` +@@ -474,32 +549,32 @@ optional_policy(` ######################################## # 
@@ -84175,7 +84215,7 @@ index 4faa7e0..4babad1 100644 corecmd_exec_bin(spamd_update_t) corecmd_exec_shell(spamd_update_t) -@@ -508,25 +582,21 @@ dev_read_urand(spamd_update_t) +@@ -508,25 +583,21 @@ dev_read_urand(spamd_update_t) domain_use_interactive_fds(spamd_update_t) @@ -97185,7 +97225,7 @@ index dd63de0..38ce620 100644 - admin_pattern($1, zabbix_tmpfs_t) ') diff --git a/zabbix.te b/zabbix.te -index 46e4cd3..8f76086 100644 +index 46e4cd3..134560e 100644 --- a/zabbix.te +++ b/zabbix.te @@ -6,7 +6,7 @@ policy_module(zabbix, 1.5.3) @@ -97301,7 +97341,7 @@ index 46e4cd3..8f76086 100644 corecmd_read_all_executables(zabbix_agent_t) corenet_all_recvfrom_unlabeled(zabbix_agent_t) -@@ -182,7 +185,6 @@ domain_search_all_domains_state(zabbix_agent_t) +@@ -182,16 +185,20 @@ domain_search_all_domains_state(zabbix_agent_t) files_getattr_all_dirs(zabbix_agent_t) files_getattr_all_files(zabbix_agent_t) files_read_all_symlinks(zabbix_agent_t) @@ -97309,7 +97349,9 @@ index 46e4cd3..8f76086 100644 fs_getattr_all_fs(zabbix_agent_t) -@@ -190,8 +192,11 @@ init_read_utmp(zabbix_agent_t) ++auth_use_nsswitch(zabbix_agent_t) ++ + init_read_utmp(zabbix_agent_t) logging_search_logs(zabbix_agent_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 8d1929d..9f852af 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 74.18%{?dist} +Release: 74.19%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -542,6 +542,17 @@ SELinux Reference policy mls base module. %endif %changelog +* Mon Feb 24 2014 Lukas Vrabec 3.12.1-74.19 +- Added var_lib filetrans in iscsi policy +- Allow iscsi to manage iscsi_var_lib_t files and dirs +- Fixed openvswitch policy +- zabbix_agent uses nsswitch +- Allow procmail and dovecot to work together to deliver mail +- Allow spamd to execute files in homedir if boolean turned on +- Allow openvswitch to listen on port 6634 +- Allow mailserver_domains to manage and transition to mailman data +- Add label for openvswitch port + * Tue Feb 11 2014 Lukas Vrabec 3.12.1-74.18 - Allow mailserver_domains to manage and transition to mailman data - Fixed broken interface in milter policy