- Fix allow rules for postfix_var_run
    - Allow cobblerd to read /etc/passwd
    - Allow keystonte_t to execute rpm
    - Allow tcpd to execute leafnode
    - Allow glance-api to connect to http port to make glance image-create workin
    - Allow postfix-showq to read/write unix.showq in /var/spool/postfix/pid
    - Allow virsh to read xen lock file
    - Allow qemu-ga to create files in /run with proper labeling
    - Allow glusterd to connect to own socket in /tmp
    - Allow unbound net_admin capability because of setsockopt syscall
    - Allow mout to stream connect to rpcbind