From 4fd44dc0f663b85cb897530a748843f79c9e4660 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 8 Dec 2015 09:53:02 -0500
Subject: [PATCH] Update Changelog and VERSION for release.

---
 Changelog              | 87 ++++++++++++++++++++++++++++++++++++++++++
 VERSION                |  2 +-
 policy/modules/contrib |  2 +-
 3 files changed, 89 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index 1f531855a..617f49ec3 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,90 @@
+* Tue Dec 08 2015 Chris PeBenito <selinux@tresys.com> - 2.20151208
+Alexander Wetzel (1):
+      adds vfio device support to base policy
+
+Chris PeBenito (48):
+      Module version bump for optional else block removal from Steve Lawrence.
+      Add always_check_network policy capability.
+      Update contrib.
+      Fix domain_mmap_low() to be a proper tunable.
+      Add initial Travis CI configuration.
+      Travis CI already exports variables.
+      Add validate target for monolithic policy.
+      Update contrib.
+      Use matrix keyword to simplify travis-ci build definitions.
+      Undo last commit.
+      Simplify travis-ci build handling of SELinux toolchain.
+      Update contrib.
+      Module version bump for fstools blkid fix from Jason Zaman
+      Update contrib.
+      Module version bump for debufs mount point fc entry from Laurent
+         Bigonville.
+      Module version bump for updated netlink sockets from Stephen Smalley
+      Update contrib.
+      Module version bump for init_startstop_service from Jason Zaman.
+      Update contrib.
+      Change CI tests to drop DIRECT_INITRC.
+      Module version bumps for further init_startstop_service() changes from
+         Jason Zaman.
+      Module version bump for admin interface changes from Jason Zaman.
+      Update contrib.
+      Module version bumps for admin interfaces from Jason Zaman.
+      Module version bump for cron_admin for sysadm from Jason Zaman.
+      Module version bump for ssh-agent -k fix from Luis Ressel.
+      Module version bump for APR build script labeling from Luis Ressel.
+      Module version bump for vfio device from Alexander Wetzel.
+      Update contrib.
+      Rearrange lines in ipsec.te.
+      Module version bump for patches from Jason Zaman/Matthias Dahl.
+      Add systemd build option.
+      Add systemd access vectors.
+      Implement core systemd policy.
+      Add supporting rules for domains tightly-coupled with systemd.
+      Add rules for sysadm_r to manage the services.
+      Add systemd units for core refpolicy services.
+      Add sysfs_types attribute.
+      Add refpolicy core socket-activated services.
+      Change policy_config_t to a security file type.
+      Merge branch 'pebenito-master'
+      Module version bump for systemd additions.
+      Update contrib for dbus systemd fix.
+      Revise selinux module interfaces for perms protected by neverallows.
+      Remove bad interface in systemd.if.
+      Module version bump for utempter Debian helper from Laurent Bigonville.
+      Update contrib.
+      Bump module versions for release.
+
+Jason Zaman (13):
+      fstools: add in filetrans for /run dir
+      Introduce init_startstop_service interface
+      logging: use init_startstop_service in _admin interface
+      postgresql: use init_startstop_service in _admin interface
+      Add openrc support to init_startstop_service
+      Introduce iptables_admin
+      Add all the missing _admin interfaces to sysadm
+      Introduce lvm_admin interface
+      Introduce ipsec_admin interface
+      Introduce setrans_admin interface
+      add new cron_admin interface to sysadm
+      Add overlayfs as an XATTR capable fs
+      system/ipsec: Add policy for StrongSwan
+
+Laurent Bigonville (4):
+      Add fc for /sys/kernel/debug as debugfs_t
+      Add "binder" security class and access vectors
+      Properly label utempter helper on debian
+      Allow the user cronjobs to run in their userdomain
+
+Luis Ressel (2):
+      Allow ssh-agent to send signals to itself
+      Mark APR build scripts as bin_t
+
+Stephen Smalley (1):
+      Update netlink socket classes.
+
+Steve Lawrence (1):
+      Remove optional else block for dhcp ping
+
 * Wed Dec 03 2014 Chris PeBenito <selinux@tresys.com> - 2.20141203
 Artyom Smirnov (3):
       New database object classes
diff --git a/VERSION b/VERSION
index a9e484098..382483ec9 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.20141203
+2.20151208
diff --git a/policy/modules/contrib b/policy/modules/contrib
index 6236e1121..db307d1f1 160000
--- a/policy/modules/contrib
+++ b/policy/modules/contrib
@@ -1 +1 @@
-Subproject commit 6236e11218db7aecc92cf59f3d9e937e810ac3a2
+Subproject commit db307d1f1d43e10c4405c0aa925a014b2934e853