From c20931323a2e3b7b2d25d8dc912a4b2a3e7893d4 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sun, 14 Jan 2018 14:08:09 -0500 Subject: [PATCH] Update Changelog and VERSION for release. --- Changelog | 210 +++++++++++++++++++++++++++++++++++++++++ VERSION | 2 +- policy/modules/contrib | 2 +- 3 files changed, 212 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index ed68767c2..b0310fbb9 100644 --- a/Changelog +++ b/Changelog 
@@ -1,3 +1,213 @@ +* Sun Jan 14 2018 Chris PeBenito - 2.20180114 +Adam Duskett (1): + fix regex escape sequence error. + +Anthony PERARD (1): + Update for Xen 4.7 + +Chad Hanson (1): + Fix implementation of MLS file relabel attributes + +Chris PeBenito (74): + Module version bump for patches from Guido Trentalancia and Anthony + PERARD. + Rules.modular: Fix file context verification. + Remove deprecated interfaces older than one year old. + .travis.yml: Use git tag instead of release tarball for selinux userspace. + kernel: Module version bump for patch from Nicolas Iooss. + Remove complement and wildcard in allow rules. + logging: Move line. + Module version bump for patches from Nicolas Iooss. + Module version bump for fixes from Nicolas Iooss. + Update contrib. + dbus: move comments out of the file context definitions + Update contrib. + systemd, udev: Module version bump. + systemd: Whitespace fix. + Module version bump for patches from Nicolas Iooss. + init: Move fc lines. + init: Module version bump for patch from Dave Sugar. + files: Move files_check_write_pid_dirs interface. + terminal: Rename term_create_devpts. + Several module version bumps. + init: Move init_spec_daemon_domain implementation. + Module version bumps. + init: Rename init_rlimit_inherit to init_inherit_rlimit. + init: Whitespace fix. + Module version bumps. + spamassassin: Fix build error. + init: Fix XML error. + spamassassin: Add missing requirement in spamassassin_admin(). + sysadm,fstools: Module version bump. + authlogin, logging, udev: Module version bump. + init: Remove sm-notify.pid fc entry which collides with the rpc module. + corecommands, xserver, systemd, userdomain: Version bumps. + Update contrib. + Update contrib. + corecommands: Module version bump. + init: Module version bump. + Merge pull request #125 from lalozano/master + devices: Module version bump. + Module version bumps. + Merge branch 'master' of git://github.com/davidgraz/refpolicy + ipsec: Module version bump. 
+ Merge branch 'master' of git://github.com/aduskett/refpolicy + init: Clean up line placement in init_systemd blocks. + files: Whitespace fix. + Merge branch 'systemd-networkd' + files, init, sysnetwork, systemd: Module version bumps. + Merge pull request #128 from williamcroberts/fc-sort-fixups + Update contrib. + files, netutils: Module version bump. + miscfiles: Module version bump. + Update contrib. + files, userdomain: Module version bump. + kernel, mls, sysadm, ssh, xserver, authlogin, locallogin, userdomain: + Module version bumps. + Several module version bumps. + Module version bumps. + dmesg, locallogin, modutils: Module version bump. + loadable_module.spt: Add debugging comments for tunable_policy blocks. + networkmanager: Grant access to unlabeled PKeys + filesystem: Rename fs_relabel_cgroup_lnk_files. + corcmd, fs, xserver, init, systemd, userdomain: Module version bump. + xserver, sysnetwork, systemd: Module version bump. + xserver: Module version bump. + init: Module version bump. + Update contrib. + mls, xserver, systemd, userdomain: Module version bump. + storage, userdomain: Module version bump. + Add new mmap permission set and pattern support macros. + Add missing mmap_*_files_pattern macros. + Revise mmap_file_perms deprecation warning message. + Update contrib. + hostname: Module version bump. + Update contrib. + init: Module version bump. + Bump module versions for release. 
+ +Christian Göttsche (6): + update travis + rkhunter: add interfaces for var_run and lock dir access check + dphysswapfile: add interfaces and sysadm access + hostname: cmdline usage + signal perms sort + filesystem: add fs_rw_inherited_hugetlbfs_files for apache module + init: add init_rw_inherited_stream_socket + +David Graziano (1): + system/ipsec: Add signull access for strongSwan + +David Sugar (20): + Strip spaces from NAME + Separate read and write interface for tun_tap_device_t + Label RHEL specific systemd binaries + Label /etc/rsyslog.d as syslog_conf_t + Add init_spec_daemon_domain interface + Add status into init_startstop_service interface + Add int_rlimit_inherit interface + remove interface init_inherit_rlimit + Fix problem labeling /run/log/journal/* + Denial relabeling /run/systemd/private + policy for systemd-networkd + Label /var/lib/lightdm-data + Change label for ~/.xsession-errors + Work around systemd-logind patch not in RHEL 7.x yet + RHEL 7.4 has moved the location of /usr/libexec/sesh to + /usr/libexec/sudo/sesh + Create interfaces to write to inherited xserver log files. 
+ label systemd-shutdown so shutdown works + Make an attribute for objects in /run/user/%{USERID}/* + Make xdm directories created in /run/user/%{USERID}/ xdm_runtime_t + (user_runtime_content_type) + Allow systemd_logind to delete user_runtime_content_type files + +David Sugar via refpolicy (2): + label /etc/mcelog/mcelog.setup correctly (for RHEL) + Allow xdm_t to read /proc/sys/crypto/fips_enabled + +Guido Trentalancia (4): + userdomain: allow netlink_kobject_uvent_socket creation + xserver: do not audit ioctl operations on log files + fc_sort: memory leakages + base: create a type for SSL private keys + +Jason Zaman (8): + Allow sysadm to map all non auth files + userdomain: allow admin to rw tape storage + files: fcontext for /etc/zfs/zpool.cache + mls mcs: Add constraints for key class + Add key interfaces and perms + gssproxy: Allow others to stream connect + userdomain: Allow public content access + storage: Add fcontexts for NVMe disks + +Jason Zaman via refpolicy (3): + udev: map module objects to load kernel modules + syslog: allow map persist file + sudo: add fcontext for /run/sudo/ts/USERNAME + +Konrad Rzeszutek Wilk (2): + kernel/xen: Update for Xen 4.6 + kernel/xen: Add map permission to the dev_rw_xen + +Krzysztof Nowicki (2): + Add policy for systemd GPT generator + Allow systemd to relabel cgroupfs legacy symlinks + +Laurent Bigonville (2): + Allow domains using sysnet_dns_name_resolve() interface to access NSS + mymachines files + Add private type for systemd logind inhibit files and pipes + +Luis A. Lozano (1): + Avoid memory leak warning. 
+ +Luis Ressel (15): + modutils: libkmod mmap()s modules.dep and *.ko's + libraries: ldconfig maps its "aux-cache" during cache updates + userdomain: Add various interfaces granting the map permission + files: Create files_map_usr_files interface + selinuxutil: Add map permissions neccessary for semanage + kernel: Add map permission to the dev_{read, write}_sound* interfaces + miscfiles: Allow libfontconfig consumers to map the fonts cache + userdomain: man-db needs to map its 'index.db' cache + logging: Various audit tools (auditctl, ausearch, etc) map their config + and logs + Grant all permissions neccessary for Xorg and basic X clients + libraries: Add fc entry for musl's ld.so config + xserver: Allow xdm_t to map usr_t files + locallogin: Grant local_login_t the dac_read_search capability + dmesg: Grant read access to /usr/share/terminfo + modutils: Dontaudit CAP_SYS_ADMIN checks for modprobe + +Luis Ressel via refpolicy (2): + kernel/files.if: files_list_kernel_modules should grant read perms for + symlinks + netutils: Grant netutils_t map perms for the packet_socket class + +Nicolas Iooss (9): + Add module_load permission to self when loading modules is allowed + audit: allow reading /etc/localtime + corecommands: label dhcpcd hook scripts bin_t + Add "/usr/(.*/)?bin(/.*)?" 
pattern back + Allow dhcpcd to use generic netlink and raw IP sockets + corecommands: label Arch Linux pacman's scripts as bin_t + init: allow systemd to create /dev/pts as devpts_t + init: allow systemd to relabel /dev and /run + corecommands: label systemd script directories bin_t + +Nicolas Iooss via refpolicy (1): + terminal: /dev/pts exists in /dev filesystem + +Russell Coker (4): + systemd nspawn and backlight + udev and dhcpd + minor nspawn, dnsmasq, and mon patches + refpolicy and certs + +William Roberts (1): + fc_sort: use calloc instead of malloc + * Sat Aug 05 2017 Chris PeBenito - 2.20170805 Chris PeBenito (134): Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. diff --git a/VERSION b/VERSION index 700349564..838b57169 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.20170805 +2.20180114 diff --git a/policy/modules/contrib b/policy/modules/contrib index ab37489eb..5f246ef91 160000 --- a/policy/modules/contrib +++ b/policy/modules/contrib @@ -1 +1 @@ -Subproject commit ab37489eb78c4e02d57a10d0c88949d40236f3b0 +Subproject commit 5f246ef917fa909f359aec0c561a64513651e8fe
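Review bot: The interface renames listed in the Changelog hunk do not say which name survives, most visibly for the init rlimit interface: David Sugar's entries read "Add int_rlimit_inherit interface" and "remove interface init_inherit_rlimit", while Chris PeBenito's reads "init: Rename init_rlimit_inherit to init_inherit_rlimit". The terminal and filesystem rename entries and the removal of deprecated interfaces older than one year likewise give no replacement names. Since the entries are commit subjects, consider adding a short note at the top of the 2.20180114 entry that maps old interface names to new ones, so maintainers of out-of-tree policy modules can tell which calls to update.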
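Review bot: The policy/modules/contrib gitlink in the last hunk moves from ab37489eb to 5f246ef91, but the subject line mentions only Changelog and VERSION, and the Changelog covers the submodule only through repeated "Update contrib." entries. Suggest naming the contrib bump in the commit message and confirming that 5f246ef91 is the contrib commit intended to ship with 2.20180114, since the release pins whatever policy that commit contains.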