* Thu Jan 29 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-105.1
- Add unconfined_setsched() interface
- Add ipsec_rw_inherited_pipes() interface.
- Update seutil_manage_config() interface.
- journald now reads the netlink audit socket
- Update ipsec_manage_pid() interface.
- Allow netutils chown capability to make tcpdump working with -w
- Label /ostree/deploy/rhel-atomic-host/deploy directory as
system_conf_t.
- Allow ipsec to execute _updown.netkey script to run unbound-control.
- Add auditing support for ipsec.
- Allow nut_upsmon_t to read random_device_t. BZ(1186072)
- Allow fowner capability for sssd because of selinux_child handling.
- ALlow bind to read/write inherited ipsec pipes
- Allow hypervkvp to read /dev/urandom and read addition
states/config files.
- Allow cluster domain to dbus chat with systemd-logind.
- Allow gluster rpm scripletto create glusterd socket with correct
labeling. This is a workaround until we get fix in glusterd
- Add glusterd_filetrans_named_pid() interface.
- Allow radiusd to connect to radsec ports.
- Allow setuid/setgid for selinux_child.
- Allow pingd to read /dev/urandom. BZ(1181831)
- Allow lsmd plugin to connect to tcp/5989 by default.
- pkcsslotd_lock_t should be an alias for pkcs_slotd_lock_t.
- Allow docker_t to changes it rlimit
- Allow docker to setsched on unconfined_t user
- Dontaudit couchdb search in gconf_home_t. BZ(1177717)
- Call correct macro in virt_read_content().
- Allow neutron to read rpm DB.
- Add labeling for pacemaker.log.
- Allow radius to connect/bind radsec ports.
- Allow pm-suspend running as virt_qemu_ga to read
/var/log/pm-suspend.log.
- Add devicekit_read_log_files()
- Allow virt_qemu_ga to dbus chat with rpm.
- Update virt_read_content() interface to allow read also char
devices.