- Fix labeling in snapper.fc
- Allow docker to read unconfined_t process state
- geoclue dbus chats with NetworkManager
- Add cockpit policy
- Add interface to allow tools to check the processes state of bind/named
- Allow myslqd to use the tram port for Galera/MariaDB
- Update freeipmi_domain_template()
- Allow journalctl running as ABRT to read /run/log/journal
- Allow NM to read dispatcher.d directory
- Update freeipmi policy
- Type transitions with a filename not allowed inside conditionals
- Allow tor to bind to hplip port
- Make new type to texlive files in homedir
- Allow zabbix_agent to transition to dmidecode
- Add rules for docker
- Allow sosreport to send signull to unconfined_t
- Add virt_noatsecure and virt_rlimitinh interfaces
- Fix labeling in thumb.fc to add support for /usr/lib64/tumbler-1/tumblerddd support for freeipm
- Add sysadm_u_default_contexts
- Add logging_read_syslog_pid()
- Fix userdom_manage_home_texlive() interface
- Make new type to texlive files in homedir
- Add filename transitions for /run and /lock links
- Allow virtd to inherit rlimit information
- Use just init_domain instead of init_daemon_domain in inetd_core_service_domain
- svirt domains neeed to create kobject_uevint_sockets
- Lots of new access required for sosreport
- Allow tgtd_t to connect to isns ports
- Allow init_t to transition to all inetd domains:
- openct needs to be able to create netlink_object_uevent_sockets
- Dontaudit leaks into ldconfig_t
- Dontaudit su domains getattr on /dev devices, move su domains to attribute based calls
- Move kernel_stream_connect into all Xwindow using users
- Dontaudit inherited lock files in ifconfig o dhcpc_t
