- Allow abrt to manage mock build environments to catch build problems.
- Allow virt_domains to setsched for running gdb on itself
- Allow pulseaudio running as mozilla_plugin_t to read /run/systemd/users/1000
- Allow cups_t to read inhered tmpfs_t from the kernel
- Allow openshift_cron_t to look at quota
- Allow cgred to send signal perms to itself, needs back port to RHEL6
- Allow certwatch to execut /usr/bin/httpd
- Allow yppasswdd to use NIS
- Tuned wants sys_rawio capability
- Allow thumb_t to execute user home content
- Allow s-c-kdump to connect to syslogd
- Allow condor domains block_suspend and dac_override caps
- Allow condor_master to read passd
- Allow condor_master to read system state
- Allow mount to write keys for the unconfined domain
- Add unconfined_write_keys() interface
- Add labeling for /usr/share/pki
- Add additional ports as mongod_port_t for 27018, 27019, 28017, 28018 and 28019 ports
- Allow commands that are going to read mount pid files to search mount_var_run_t