- Allow gdm to create /var/gdm with correct labeling
- Allow domains to append rkhunterl lib files. #1057982
- Allow systemd_tmpfiles_t net_admin to communicate with journald
- Add interface to getattr on an isid_type for any type of file
- Update libs_filetrans_named_content() to have support for /usr/lib/debug directory
- Allow initrc_t domtrans to authconfig if unconfined is enabled
- Allow docker and mount on devpts chr_file
- Allow docker to transition to unconfined_t if boolean set
- init calling needs to be optional in domain.te
- Allow uncofined domain types to handle transient unit files
- Fix labeling for vfio devices
- Allow net_admin capability and send system log msgs
- Allow lldpad send dgram to NM
- Add networkmanager_dgram_send()
- rkhunter_var_lib_t is correct type
- Back port pcp policy from rawhide
- Allow openlmi-storage to read removable devices
- Allow system cron jobs to manage rkhunter lib files
- Add rkhunter_manage_lib_files()
- Fix ftpd_use_fusefs boolean to allow manage also symlinks
- Allow smbcontrob block_suspend cap2
- Allow slpd to read network and system state info
- Allow NM domtrans to iscsid_t if iscsiadm is executed
- Allow slapd to send a signal itself
- Allow sslget running as pki_ra_t to contact port 8443, the secure port of the CA.
- Fix plymouthd_create_log() interface
- Add rkhunter policy with files type definition for /var/lib/rkhunter until it is fixed in rkhunter package
- Add mozilla_plugin_exec_t for /usr/lib/firefox/plugin-container
- Allow postfix and cyrus-imapd to work out of box
- Allow fcoemon to talk with unpriv user domain using unix_stream_socket
- Dontaudit domains that are calling into journald to net_admin
- Add rules to allow vmtools to do what it does
- snapperd is D-Bus service
- Allow OpenLMI PowerManagement to call 'systemctl --force reboot'
- Add haproxy_connect_any boolean
- Allow haproxy also to use http cache port by default
- Allow haproxy to work as simple HTTP proxy. HAProxy For TCP And HTTP Based Applications
- Allow docker to use the network and build images
- Allow docker to read selinux files for labeling, and mount on devpts chr_file
- Allow domains that transition to svirt_sandbox to send it signals