* Wed Sep 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-2
    - Allow zabbix_t domain to manage zabbix_var_lib_t sock files and connect to unix_stream_socket
    - Dontaudit sandbox web types to setattr lib_t dirs
    - Dontaudit system_mail_t domains to check for existence other applications on system BZ(1747369)
    - Allow haproxy_t domain to read network state of system
    - Allow processes labeled as keepalived_t domain to get process group
    - Introduce dbusd_unit_file_type
    - Allow pesign_t domain to read/write named cache files.
    - Label /var/log/hawkey.log as rpm_log_t and update rpm named filetrans interfaces.
    - Allow httpd_t domain to read/write named_cache_t files
    - Add new interface bind_rw_cache()
    - Allow cupsd_t domain to create directory with name ppd in dirs labeled as cupsd_etc_t with label cupsd_rw_etc_t.
    - Update cpucontrol_t SELinux policy
    - Allow pcp_pmcd_t domain to bind on udp port labeled as statsd_port_t
    - Run lldpd service as lldpad_t.
    - Allow spamd_update_t domain to create unix dgram sockets.
    - Update dbus role template for confined users to allow login into x session
    - Label /usr/libexec/microcode_ctl/reload_microcode as cpucontrol_exec_t
    - Fix typo in networkmanager_append_log() interface
    - Update collectd policy to allow daemon create /var/log/collectd with collectd_log_t label
    - Allow login user type to use systemd user session
    - Allow xdm_t domain to start dbusd services.
    - Introduce new type xdm_unit_file_t
    - Remove allowing all domain to communicate over pipes with all domain under rpm_transition_domain attribute
    - Allow systemd labeled as init_t to remove sockets with tmp_t label BZ(1745632)
    - Allow ipsec_t domain to read/write named cache files
    - Allow sysadm_t to create hawkey log file with rpm_log_t SELinux label
    - Allow domains systemd_networkd_t and systemd_logind_t to chat over dbus
    - Label udp 8125 port as statsd_port_t