diff --git a/certmonger.te b/certmonger.te

index 0585431e14..26d4e132ce 100644

--- a/certmonger.te

+++ b/certmonger.te

@@ -136,6 +136,10 @@ optional_policy(`

     kerberos_filetrans_named_content(certmonger_t)

 ')

+optional_policy(`

+    mta_send_mail(certmonger_t)

+')

+

 optional_policy(`

 	pcscd_read_pid_files(certmonger_t)

 	pcscd_stream_connect(certmonger_t)

diff --git a/snapper.te b/snapper.te

index faf4fc9fca..fda6e0b289 100644

--- a/snapper.te

+++ b/snapper.te

@@ -22,6 +22,8 @@ files_type(snapperd_data_t)

 #

 # snapperd local policy

 #

+allow snapperd_t self:capability { dac_read_search fowner sys_admin };

+allow snapperd_t self:process setsched;

 allow snapperd_t self:fifo_file rw_fifo_file_perms;

 allow snapperd_t self:unix_stream_socket create_stream_socket_perms;

@@ -36,8 +38,12 @@ manage_lnk_files_pattern(snapperd_t, snapperd_conf_t, snapperd_conf_t)

 manage_files_pattern(snapperd_t, snapperd_data_t, snapperd_data_t)

 manage_dirs_pattern(snapperd_t, snapperd_data_t, snapperd_data_t)

 manage_lnk_files_pattern(snapperd_t, snapperd_data_t, snapperd_data_t)

+allow snapperd_t snapperd_data_t:file relabelfrom;

+allow snapperd_t snapperd_data_t:dir { relabelfrom relabelto mounton };

 snapper_filetrans_named_content(snapperd_t)

+kernel_setsched(snapperd_t)

+

 domain_read_all_domains_state(snapperd_t)

 corecmd_exec_shell(snapperd_t)

@@ -51,6 +57,8 @@ files_read_all_files(snapperd_t)

 files_list_all(snapperd_t)

 fs_getattr_all_fs(snapperd_t)

+fs_mount_xattr_fs(snapperd_t)

+fs_unmount_xattr_fs(snapperd_t)

 storage_raw_read_fixed_disk(snapperd_t)