- Allow setroubleshoot to getattr on all executables
- Allow tuned to execute profiles scripts in /etc/tuned
- Allow apache to create directories to store its log files
- Allow all directories/files in /var/log starting with passenger to be labele
- Looks like apache is sending sinal to openshift_initrc_t now,needs back port
- Allow Postfix to be configured to listen on TCP port 10026 for email from DS
- Add filename transition for /etc/tuned/active_profile
- Allow condor_master to send mails
- Allow condor_master to read submit.cf
- Allow condor_master to create /tmp files/dirs
- Allow condor_mater to send sigkill to other condor domains
- Allow condor_procd sigkill capability
- tuned-adm wants to talk with tuned daemon
- Allow kadmind and krb5kdc to also list sssd_public_t
- Allow accountsd to dbus chat with init
- Fix git_read_generic_system_content_files() interface
- pppd wants sys_nice by nmcli because of "syscall=sched_setscheduler"
- Fix mozilla_plugin_can_network_connect to allow to connect to all ports
- Label all munin plugins which are not covered by munin plugins policy as un
- dspam wants to search /var/spool for opendkim data
- Revert "Add support for tcp/10026 port as dspam_port_t"
- Turning on labeled networking requires additional access for netlabel_peer_t
- Allow all application domains to use fifo_files passed in from userdomains,
- Allow systemd_tmpfiles_t to setattr on mandb_cache_t