- the base abstraction for common abstract and anonymous rules (comments
  included per rule)
- dbus-session-strict to add a rule for connecting to the dbus session
  abstract
  socket. I used 'peer=(label=unconfined)' here, but I could probably lose the
  explicit label if people preferred that
- X to add a rule for connecting to the X abstract socket. Same as for
  dbus-session-strict
- nameservice to add a rule for connecting to a netlink raw. This change could
  possibly be excluded, but applications using networking (at least on Ubuntu)
  all seem to need it. Excluding it would mean systems using nscd would need to
  add this and ones not using it would have a noisy denial

Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>