* Mon Aug 24 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-128.12
    - Allow pmlogger to create pmlogger.primary.socket link file. BZ(1254080)
    - Allow NetworkManager send sigkill to dnssec-trigger. BZ(1251764)
    - Add interface dnssec_trigger_sigkill
    - Allow smsd use usb ttys. BZ(#1250536)
    - Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file.
    - Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS
    - Allow openhpid_t to read system state.
    - Add temporary fixes for sandbox related to #1103622. It allows to run everything under one sandbox type.
    - Added labels for files provided by rh-nginx18 collection
    - Dontaudit block_suspend capability for ipa_helper_t, this is kernel bug. Allow ipa_helper_t capability net_admin. Allow ipa_helper_t to list /tmp. Allow ipa_helper_t to read rpm db.
    - Allow rhsmcertd exec rhsmcertd_var_run_t files and rhsmcerd_tmp_t files. This rules are in hide_broken_sympthons until we find better solution.
    - Allow abrt_dump_oops_t to read proc_security_t files.
    - Allow abrt_dump_oops to signull all domains Allow abrt_dump_oops to read all domains state Allow abrt_dump_oops to ptrace all domains
    - Add interface abrt_dump_oops_domtrans()
    - Allow systemd-sysctl cap. sys_ptrace  BZ(1253926)
    - Add label for kernel module dep files in /usr/lib/modules
    - Allow kernel_t domtrans to abrt_dump_oops_t
    - Added to files_dontaudit_write_all_mountpoints intefface new dontaudit rule, that domain included this interface dontaudit capability dac_override.