- Allow logrotate to read /sys
    - Allow mandb to setattr on man dirs
    - label /usr/bin/yum-builddep as rpm_exec_t
    - Remove init_daemon_run_dir from CUPS policy
    - Backport cups+hplip merge from rawhide
    - Allow munin CGI scritp to search munin logs
    - Allow quantum to connect to amqp port
    - Allow jabberd to connect to jabber_interserver_port_t
    - Fix authconfig.py labeling
    - Fix fcoemon policy
    - Allow kdumpgui to manage bootloader_config
    - Allow httpd_collectd_script to read /etc/passwd
    - Allow milter domains to read /dev/random
    - Allow nmbd_t to create samba_var_t directories
    - Allow logrotote to getattr on all file sytems
    - fcoemon wants also net_raw cap. We have net_admin cap.
    - Allow gpg-agent to access fips_enabled file
    - Allow collectd to read utmp
    - Backport munin policy from rawhide
    - Allow kadmind to read /etc/passwd
    - Dontaudit append .xsession-errors file on ecryptfs for  policykit-auth
    - Allow chrome_nacl to execute /dev/zero
    - Label /usr/lib64/security/pam_krb5/pam_krb5_cchelperas bin_t
    - Add fs_dontaudit_append_fusefs_files() interface
    - Allow systemd domains to talk to kernel_t using unix_dgram_socket
    - Add miscfiles_setattr_man_pages()
    - Add manage interface to be used bu kdumpgui
    - Localectl needs to be able to send dbus signals to users
    - Hostname needs to send syslog messages
    - Add stream support for mpd, accessible from users