- Allow setroubleshoot to getattr on all executables
    - Allow tuned to execute profiles scripts in /etc/tuned
    - Allow apache to create directories to store its log files
    - Allow all directories/files in /var/log starting with passenger to be labele
    - Looks like apache is sending sinal to openshift_initrc_t now,needs back port
    - Allow Postfix to be configured to listen on TCP port 10026 for email from DS
    - Add filename transition for /etc/tuned/active_profile
    - Allow condor_master to send mails
    - Allow condor_master to read submit.cf
    - Allow condor_master to create /tmp files/dirs
    - Allow condor_mater to send sigkill to other condor domains
    - Allow condor_procd sigkill capability
    - tuned-adm wants to talk with tuned daemon
    - Allow kadmind and krb5kdc to also list sssd_public_t
    - Allow accountsd to dbus chat with init
    - Fix git_read_generic_system_content_files() interface
    - pppd wants sys_nice by nmcli because of "syscall=sched_setscheduler"
    - Fix mozilla_plugin_can_network_connect to allow to connect to all ports
    - Label all munin plugins which are not covered by munin plugins policy  as un
    - dspam wants to search /var/spool for opendkim data
    - Revert "Add support for tcp/10026 port as dspam_port_t"
    - Turning on labeled networking requires additional access for netlabel_peer_t
    - Allow all application domains to use fifo_files passed in from userdomains,
    - Allow systemd_tmpfiles_t to setattr on mandb_cache_t