diff --git a/policy/global_tunables b/policy/global_tunables
index cf3a77b..56af226 100644
--- a/policy/global_tunables
+++ b/policy/global_tunables
@@ -103,10 +103,3 @@ gen_tunable(user_tcp_server,false)
 ## </desc>
 gen_tunable(allow_console_login,false)
 
-## <desc>
-## <p>
-## Allow certain domains to map low memory in the kernel
-## </p>
-## </desc>
-gen_tunable(mmap_low_allowed, false)
-
diff --git a/policy/modules/admin/vbetool.te b/policy/modules/admin/vbetool.te
index 2102bba..2758c8f 100644
--- a/policy/modules/admin/vbetool.te
+++ b/policy/modules/admin/vbetool.te
@@ -31,10 +31,7 @@ dev_rw_sysfs(vbetool_t)
 dev_rw_xserver_misc(vbetool_t)
 dev_rw_mtrr(vbetool_t)
 
-domain_mmap_low_type(vbetool_t)
-tunable_policy(`mmap_low_allowed',`
-	allow vbetool_t self:memprotect mmap_zero;
-')
+domain_mmap_low(vbetool_t)
 
 mls_file_read_all_levels(vbetool_t)
 mls_file_write_all_levels(vbetool_t)
diff --git a/policy/modules/apps/wine.if b/policy/modules/apps/wine.if
index f5a9673..e10101a 100644
--- a/policy/modules/apps/wine.if
+++ b/policy/modules/apps/wine.if
@@ -107,10 +107,7 @@ template(`wine_role_template',`
 	userdom_unpriv_usertype($1, $1_wine_t)
 	userdom_manage_tmpfs_role($2, $1_wine_t)
 
-	domain_mmap_low_type($1_wine_t)
-	tunable_policy(`mmap_low_allowed',`
-		allow $1_wine_t self:memprotect mmap_zero;
-	')
+	domain_mmap_low($1_wine_t)
 
 	tunable_policy(`wine_mmap_zero_ignore',`
 		dontaudit $1_wine_t self:memprotect mmap_zero;
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
index 51e65e7..40cbebb 100644
--- a/policy/modules/apps/wine.te
+++ b/policy/modules/apps/wine.te
@@ -44,10 +44,7 @@ manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
 manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
 files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
 
-domain_mmap_low_type(wine_t)
-tunable_policy(`mmap_low_allowed',`
-	allow wine_t self:memprotect mmap_zero;
-')
+domain_mmap_low(wine_t)
 tunable_policy(`wine_mmap_zero_ignore',`
 	dontaudit wine_t self:memprotect mmap_zero;
 ')
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index b3da05d..c6e8ffe 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -51,10 +51,6 @@ interface(`unconfined_domain_noaudit',`
 
 	ubac_process_exempt($1)
 
-	tunable_policy(`mmap_low_allowed',`
-		allow $1 self:memprotect mmap_zero;
-	')
-
 	tunable_policy(`allow_execheap',`
 		# Allow making the stack executable via mprotect.
 		allow $1 self:process execheap;
@@ -68,8 +64,8 @@ interface(`unconfined_domain_noaudit',`
 
 	tunable_policy(`allow_execstack',`
 		# Allow making the stack executable via mprotect;
-		# execstack implies execmem; Bugzilla #211271
-		allow $1 self:process { execmem execstack };
+		# execstack implies execmem;
+		allow $1 self:process { execstack execmem };
 #		auditallow $1 self:process execstack;
 	')