diff --git a/policy/global_tunables b/policy/global_tunables
index 56af226..f85244d 100644
--- a/policy/global_tunables
+++ b/policy/global_tunables
@@ -13,21 +13,21 @@ gen_tunable(allow_execheap,false)
##
##
-## Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
+## Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla
##
##
gen_tunable(allow_execmem,false)
##
##
-## Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
+## Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t
##
##
gen_tunable(allow_execmod,false)
##
##
-## Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+## Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
##
##
gen_tunable(allow_execstack,false)
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 464a11e..2993130 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -140,6 +140,7 @@ template(`sudo_role_template',`
userdom_manage_user_tmp_files($1_sudo_t)
userdom_manage_user_tmp_symlinks($1_sudo_t)
userdom_use_user_terminals($1_sudo_t)
+ userdom_signal_unpriv_users($1_sudo_t)
# for some PAM modules and for cwd
userdom_search_user_home_content($1_sudo_t)
userdom_search_admin_dir($1_sudo_t)
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 09d4b31..0d8458a 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -474,6 +474,25 @@ interface(`domain_signal_all_domains',`
########################################
##
+## Dontaudit sending general signals to all domains.
+##
+##
+##
+## Domain to not audit.
+##
+##
+##
+#
+interface(`domain_dontaudit_signal_all_domains',`
+ gen_require(`
+ attribute domain;
+ ')
+
+ dontaudit $1 domain:process signal;
+')
+
+########################################
+##
## Send a null signal to all domains.
##
##
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 31ebaa7..a09ab47 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -102,7 +102,7 @@ type hugetlbfs_t;
fs_type(hugetlbfs_t)
files_mountpoint(hugetlbfs_t)
fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
-dev_associate_sysfs(hugetlbfs_t)
+dev_associate(hugetlbfs_t)
type ibmasmfs_t;
fs_type(ibmasmfs_t)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 9b9e013..5fbf38f 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -576,6 +576,7 @@ domain_use_interactive_fds(xdm_t)
# Do not audit denied probes of /proc.
domain_dontaudit_read_all_domains_state(xdm_t)
domain_dontaudit_ptrace_all_domains(xdm_t)
+domain_dontaudit_signal_all_domains(xdm_t)
files_read_etc_files(xdm_t)
files_read_var_files(xdm_t)