- Allow logrotate to read /sys
- Allow mandb to setattr on man dirs
- label /usr/bin/yum-builddep as rpm_exec_t
- Remove init_daemon_run_dir from CUPS policy
- Backport cups+hplip merge from rawhide
- Allow munin CGI scritp to search munin logs
- Allow quantum to connect to amqp port
- Allow jabberd to connect to jabber_interserver_port_t
- Fix authconfig.py labeling
- Fix fcoemon policy
- Allow kdumpgui to manage bootloader_config
- Allow httpd_collectd_script to read /etc/passwd
- Allow milter domains to read /dev/random
- Allow nmbd_t to create samba_var_t directories
- Allow logrotote to getattr on all file sytems
- fcoemon wants also net_raw cap. We have net_admin cap.
- Allow gpg-agent to access fips_enabled file
- Allow collectd to read utmp
- Backport munin policy from rawhide
- Allow kadmind to read /etc/passwd
- Dontaudit append .xsession-errors file on ecryptfs for policykit-auth
- Allow chrome_nacl to execute /dev/zero
- Label /usr/lib64/security/pam_krb5/pam_krb5_cchelperas bin_t
- Add fs_dontaudit_append_fusefs_files() interface
- Allow systemd domains to talk to kernel_t using unix_dgram_socket
- Add miscfiles_setattr_man_pages()
- Add manage interface to be used bu kdumpgui
- Localectl needs to be able to send dbus signals to users
- Hostname needs to send syslog messages
- Add stream support for mpd, accessible from users