From f28e0cf9ffe404e7f51f4e3cdf45da60ab5c4e7c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 02 2017 15:24:01 +0000
Subject: import selinux-policy-3.13.1-102.el7_3.15
---
diff --git a/SOURCES/policy-rhel-7.3.z-contrib.patch b/SOURCES/policy-rhel-7.3.z-contrib.patch
index 786a62c..f0bd107 100644
--- a/SOURCES/policy-rhel-7.3.z-contrib.patch
+++ b/SOURCES/policy-rhel-7.3.z-contrib.patch
@@ -126,6 +126,19 @@ index ce1ca24..4c9f2b6 100644
 ldap_systemctl(cluster_t)
 ')
+diff --git a/sssd.te b/sssd.te
+index 87e70a6..6130385 100644
+--- a/sssd.te
++++ b/sssd.te
+@@ -43,7 +43,7 @@ role system_r types sssd_selinux_manager_t;
+
+ allow sssd_t self:capability { ipc_lock chown dac_read_search dac_override kill net_admin sys_nice fowner setgid setuid sys_admin sys_resource };
+ allow sssd_t self:capability2 block_suspend;
+-allow sssd_t self:process { setfscreate setsched sigkill signal getsched setrlimit };
++allow sssd_t self:process { setfscreate setsched sigkill signal getsched setrlimit setpgid};
+ allow sssd_t self:fifo_file rw_fifo_file_perms;
+ allow sssd_t self:key manage_key_perms;
+ allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 diff --git a/virt.if b/virt.if
 index 2397aeb..17156a6 100644
 --- a/virt.if
diff --git a/SOURCES/selinux-policy-migrate-local-changes.sh b/SOURCES/selinux-policy-migrate-local-changes.sh
index 7d4f1f8..efeab43 100755
--- a/SOURCES/selinux-policy-migrate-local-changes.sh
+++ b/SOURCES/selinux-policy-migrate-local-changes.sh
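Review bot: In the sssd.te section added to policy-rhel-7.3.z-contrib.patch, the new permission is written as `setpgid}` with no space before the closing brace, unlike every other permission set in the surrounding rules; `allow sssd_t self:process { setfscreate setsched sigkill signal getsched setrlimit setpgid };` keeps the file consistent. The grant is scoped to `self:process`, so it only covers processes in the sssd_t domain. Nothing next to the rule says which sssd behaviour needs it, so the only link to the reason is the changelog entry citing rhbz#1419836; repeating that bug id in the patch's own description would help a later audit of this domain's permissions.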
@@ -34,12 +34,18 @@ fi
 INSTALL_MODULES=""
 for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*disabled 2> /dev/null`; do
 module=`basename $i | sed 's/\.pp\.disabled$//'`
+ if [ $module == "pkcsslotd" ] || [ $module == "vbetool" ]; then
+ continue
+ fi
 if [ -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
 touch /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/disabled/$module
 fi
 done
 for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*.pp 2> /dev/null`; do
 module=`basename $i | sed 's/\.pp$//'`
+ if [ $module == "pkcsslotd" ] || [ $module == "vbetool" ]; then
+ continue
+ fi
 if [ ! -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
 INSTALL_MODULES="${INSTALL_MODULES} $i"
 fi
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index a55bfcf..b71125d 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 102%{?dist}.13
+Release: 102%{?dist}.15
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -643,6 +643,14 @@ fi
 %endif
 %changelog
+* Tue Feb 07 2017 Lukas Vrabec - 3.13.1-102.15
+- Allow sssd_t domain setpgid
+Resolves:rhbz#1419836
+
+* Wed Jan 11 2017 Lukas Vrabec - 3.13.1-102.14
+- Upgrade fails %post: Re-declaration of type pkcsslotd_t
+Resolves: rhbz#1411660
+
 * Mon Jan 09 2017 Lukas Vrabec - 3.13.1-102.13
 - Allow systemd container to read/write usermodehelperstate
 Resolves: rhbz#1408126
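Review bot: Both added tests in selinux-policy-migrate-local-changes.sh expand `$module` unquoted inside `[ ... ]` and compare with `==`, so a module file name that splits into several words makes the test fail with a syntax error instead of comparing, and `==` is a bashism (the shebang is outside this hunk). `case "$module" in pkcsslotd|vbetool) continue ;; esac` or `[ "$module" = "pkcsslotd" ] || [ "$module" = "vbetool" ]` avoids both. The skip list is duplicated verbatim in the two loops and has no comment: the changelog ties pkcsslotd to the re-declaration failure in rhbz#1411660, but nothing visible explains vbetool. A comment such as `# skipped on migration: re-installing these re-declares their types (rhbz#1411660)` would record, once the author confirms the wording, that a locally disabled or locally installed copy of these two modules is deliberately not carried over.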