+- make consoletype_exec optional, so we can remove consoletype policy
+- remove unconfined_permisive.patch
+- Allow openvpn_t to inherit user home content and tmp content
+- Fix dnssec-trigger labeling
+- Turn on obex policy for staff_t
+- Pem files should not be secret
+- Add lots of rules to fix AVC's when playing with containers
+- Fix policy for dnssec
+- Label ask-passwd directories correctly for systemd