I've pushed revision 4 of the SELinux policies to the hardened-dev overlay.
This one contains the following changes since before:
<no bug> Update patch for DHCP LDAP support to use a tunable (dhcp_use_ldap)
<no bug> Correct clamav_var_log_t usage (instead of clamav_log_t, which doesn't exist)
<no bug> Allow gorg to signal itself
<no bug> Make sure mozilla_plugin_t is allowed for mozilla_roles (role attribute) as well
Users that have an LDAP backend for DHCP might want to enable the
dhcp_use_ldap boolean after upgrade as the support for LDAP backends has
been made optional.
Other than that, I have yet to confirm that the RDEPEND in
selinux-base-policy on selinux-base is incorrect or not (probably is). What
I need to make sure is that, if it changes to DEPEND, that the file
collisions that are otherwise introduced (earlier selinux-base-policy files
are now in selinux-base) do not interfere with a regular update.
This should be easy to check, I just need to upgrade my VMs currently and
will not be able to do the checks until tomorrow.