diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
index 942bb30..2251b02 100644
--- a/policy/modules/apps/sandbox.te
+++ b/policy/modules/apps/sandbox.te
@@ -262,6 +262,13 @@ optional_policy(`
 	hal_dbus_chat(sandbox_x_client_t)
 ')
 
+
+allow sandbox_web_t self:process setsched;
+
+optional_policy(`
+	nsplugin_read_rw_files(sandbox_web_t)
+')
+
 ########################################
 #
 # sandbox_web_client_t local policy
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index a5b6508..0ed1671 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -251,8 +251,7 @@ domain_dontaudit_list_all_domains_state(postgresql_t)
 domain_use_interactive_fds(postgresql_t)
 
 files_dontaudit_search_home(postgresql_t)
-files_manage_etc_files(postgresql_t)
-files_search_etc(postgresql_t)
+files_read_etc_files(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)
 
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 1f8fee9..0fcd4e7 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -283,6 +283,7 @@ optional_policy(`
 # for kernel package installation
 optional_policy(`
 	rpm_rw_pipes(mount_t)
+	rpm_dontaudit_leaks(mount_t)
 ')
 
 optional_policy(`