diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index ccd249d..1bc0177 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -281,6 +281,22 @@ interface(`mta_send_mail',`
')
#######################################
+##
+## Connect to all mail servers over TCP.
+##
+##
+## Mail server domain.
+##
+#
+interface(`mta_tcp_connect_all_mailservers',`
+ gen_require(`
+ attribute mailserver_domain;
+ ')
+
+ allow $1 mailserver_domain:tcp_socket { connectto recvfrom };
+')
+
+#######################################
#
# mta_exec(domain)
#
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index d365295..87a1c41 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -2429,13 +2429,30 @@ interface(`files_search_locks',`
interface(`files_dontaudit_search_locks',`
gen_require(`
type var_lock_t;
- class dir search;
')
dontaudit $1 var_lock_t:dir search;
')
########################################
+##
+## Add and remove entries in the /var/lock
+## directories.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`files_rw_locks_dir',`
+ gen_require(`
+ type var_t, var_lock_t;
+ ')
+
+ allow $1 var_t:dir search;
+ allow $1 var_lock_t:dir rw_dir_perms;
+')
+
+########################################
#
# files_getattr_generic_locks(domain)
#
@@ -2535,16 +2552,20 @@ interface(`files_search_pids',`
')
########################################
-#
-# files_dontaudit_search_pids(domain)
+##
+## Do not audit attempts to search
+## the /var/run directory.
+##
+##
+## Domain to not audit.
+##
#
interface(`files_dontaudit_search_pids',`
gen_require(`
type var_run_t;
- class dir search;
')
- allow $1 var_run_t:dir search;
+ dontaudit $1 var_run_t:dir search;
')
########################################