- Fix allow rules for postfix_var_run
- Allow cobblerd to read /etc/passwd
- Allow keystonte_t to execute rpm
- Allow tcpd to execute leafnode
- Allow glance-api to connect to http port to make glance image-create workin
- Allow postfix-showq to read/write unix.showq in /var/spool/postfix/pid
- Allow virsh to read xen lock file
- Allow qemu-ga to create files in /run with proper labeling
- Allow glusterd to connect to own socket in /tmp
- Allow unbound net_admin capability because of setsockopt syscall
- Allow mout to stream connect to rpcbind