- Allow abrtd to list home config. BZ(1199658)
- Dontaudit dnssec_trigger_t to read /tmp. BZ(1210250)
- Allow abrt_dump_oops_t to IPC_LOCK. BZ(1205481)
- Allow mock_t to use ptmx. BZ(1181333)
- Allow dnssec_trigger_t to create resolv files labeled as net_conf_t
- Allow dnssec_trigger_t to stream connect to networkmanager.
- Fix labeling for keystone CGI scripts.
- Add more restriction on entrypoint for unconfined domains.
- Allow systemd_networkd_t to load kernel module. BZ(1209402)
- Allow systemd_networkd cap. dac_override. BZ(1204352)
- Label new dnssec-trigger files.