* Wed Apr 10 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-28
- Fix broken networkmanager interface for allowing manage lib files for dnsmasq_t
- Allow tlp_t domain also write to nvme_devices block devices BZ(1696943)
- Remove travis.yml file from f30 branch, we have CI for Fedora Rawhide thats should be enough.
- Fix typo in rhsmcertd SELinux module
- Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files
- Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t
- Revert bad fix breaking gnome_filetrans_fontconfig_home_content()
- /var/lib/rsyslog should have mls system high on MLS enabled system
- Allow systemd-logind read and write user domain terminals BZ(1696852)
- Allow systemd_modules_load to read modules_dep_t files
- Allow systemd labeled as init_t to setattr on unallocated ttys BZ(1697667)
- Allow unconfined users to use vsock unlabeled sockets
- Add interface kernel_rw_unlabeled_vsock_socket()
- Allow unconfined users to use smc unlabeled sockets
- Add interface kernel_rw_unlabeled_smc_socket
- Remove duplicate definition of kernel_rw_kernel_sysctl()
- Allow systemd_resolved_t domain to read system network state BZ(1697039)
- Allow systemd to mounton kernel sysctls BZ(1696201)
- Add interface kernel_mounton_kernel_sysctl() BZ(1696201)
- Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t
- Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201
- Introduce new type pkcs11_modules_conf_t.