* Wed Jul 10 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-40
    - Update dbusd policy and netowrkmanager to allow confined users to connect to vpn over NetworkManager
    - Allow glusterd_t domain to setpgid
    - Allow lsmd_t domain to execute /usr/bin/debuginfo-install
    - Allow sbd_t domain to manage cgroup dirs
    - Allow opafm_t domain to modify scheduling information of another process.
    - Allow wireshark_t domain to create netlink netfilter sockets
    - Allow gpg_agent_t domain to use nsswitch
    - Allow httpd script types to mmap httpd rw content
    - Allow dkim_milter_t domain to execute shell BZ(17116937)
    - Allow sbd_t domain to use nsswitch
    - Allow rhsmcertd_t domain to send signull to all domains
    - Allow snort_t domain to create netlink netfilter sockets BZ(1723184)
    - Dontaudit blueman to read state of all domains on system BZ(1722696)
    - Allow boltd_t domain to use ps and get state of all domains on system. BZ(1723217)
    - Allow rtkit_daemon_t to uise sys_ptrace usernamespace capability BZ(1723308)
    - Replace "-" by "_" in types names
    - Change condor_domain declaration in condor_systemctl
    - Allow firewalld_t domain to read iptables_var_run_t files BZ(1722405)
    - Allow spamd_update_t domain to read state of other domains and can execute itself
    - Fix all interfaces which cannot by compiled because of typos
    - Allow X userdomains to mmap user_fonts_cache_t dirs
    - Allow auditd_t domain to send signals to audisp_remote_t domain
    - Allow systemd labeled as init_t domain to read/write faillog_t. BZ(1723132)
    - Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files
    - Add interface kernel_relabelfrom_usermodehelper()
    - Dontaudit unpriv_userdomain to manage boot_t files
    - Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)
    - Allow systemd to execute bootloader grub2-set-bootflag BZ(1722531)
    - Allow associate efivarfs_t on sysfs_t