Allow a couple of sandbox issues.

Remove postgresl managing of etc_files, until I find out why it is needed.
Dontaudit leaks from rpm to mount

policy/modules/apps/sandbox.te

@@ -262,6 +262,13 @@ optional_policy(`
 	hal_dbus_chat(sandbox_x_client_t)
 ')
 
+
+allow sandbox_web_t self:process setsched;
+
+optional_policy(`
+	nsplugin_read_rw_files(sandbox_web_t)
+')
+
 ########################################
 #
 # sandbox_web_client_t local policy

policy/modules/services/postgresql.te

@@ -251,8 +251,7 @@ domain_dontaudit_list_all_domains_state(postgresql_t)
 domain_use_interactive_fds(postgresql_t)
 
 files_dontaudit_search_home(postgresql_t)
-files_manage_etc_files(postgresql_t)
-files_search_etc(postgresql_t)
+files_read_etc_files(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)
 

policy/modules/system/mount.te

@@ -283,6 +283,7 @@ optional_policy(`
 # for kernel package installation
 optional_policy(`
 	rpm_rw_pipes(mount_t)
+	rpm_dontaudit_leaks(mount_t)
 ')
 
 optional_policy(`