- Allow all domains to read /proc/sys/vm/overcommit_memory
    - Make proc_numa_t an MLS Trusted Object
    - Add /proc/numactl support for confined users
    - Allow ssh_t to connect to any port > 1023
    - Add openvswitch domain
    - Pulseaudio tries to create directories in gnome_home_t directories
    - New ypbind pkg wants to search /var/run which is caused by sd_notify
    - Allow NM to read certs on NFS/CIFS using use_nfs_*, use_samba_* booleans
    - Allow sanlock to read /dev/random
    - Treat php-fpm with httpd_t
    - Allow domains that can read named_conf_t to be able to list the directories
    - Allow winbind to create sock files in /var/run/samba