diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
index 88a211a..8d4ac56 100644
--- a/policy/modules/apps/sandbox.te
+++ b/policy/modules/apps/sandbox.te
@@ -45,6 +45,8 @@ manage_fifo_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xs
 manage_sock_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
 fs_tmpfs_filetrans(sandbox_xserver_t, sandbox_xserver_tmpfs_t, { dir file lnk_file sock_file fifo_file })
 
+kernel_dontaudit_request_load_module(sandbox_xserver_t)
+
 corecmd_exec_bin(sandbox_xserver_t)
 corecmd_exec_shell(sandbox_xserver_t)
 
@@ -238,7 +240,7 @@ userdom_use_user_ptys(sandbox_x_t)
 #
 # sandbox_x_client_t local policy
 #
-allow sandbox_x_client_t self:tcp_socket create_socket_perms;
+allow sandbox_x_client_t self:tcp_socket create_stream_socket_perms;
 allow sandbox_x_client_t self:udp_socket create_socket_perms;
 allow sandbox_x_client_t self:dbus { acquire_svc send_msg };
 allow sandbox_x_client_t self:netlink_selinux_socket create_socket_perms;
@@ -272,7 +274,7 @@ allow sandbox_web_type self:netlink_audit_socket nlmsg_relay;
 allow sandbox_web_type self:process setsched;
 dontaudit sandbox_web_type self:process setrlimit;
 
-allow sandbox_web_type self:tcp_socket create_socket_perms;
+allow sandbox_web_type self:tcp_socket create_stream_socket_perms;
 allow sandbox_web_type self:udp_socket create_socket_perms;
 allow sandbox_web_type self:dbus { acquire_svc send_msg };
 allow sandbox_web_type self:netlink_selinux_socket create_socket_perms;
diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te
index 59867f6..7e8fd3a 100644
--- a/policy/modules/apps/telepathy.te
+++ b/policy/modules/apps/telepathy.te
@@ -80,6 +80,9 @@ sysnet_read_config(telepathy_msn_t)
 
 optional_policy(`
         dbus_system_bus_client(telepathy_msn_t)
+	optional_policy(`
+		networkmanager_dbus_chat(telepathy_msn_t)
+	')
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
index b191ff7..ca3a848 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -239,6 +239,7 @@ files_read_etc_files(devicekit_power_t)
 files_read_usr_files(devicekit_power_t)
 
 fs_list_inotifyfs(devicekit_power_t)
+fs_getattr_all_fs(devicekit_power_t)
 
 term_use_all_terms(devicekit_power_t)
 
diff --git a/policy/modules/services/mailman.te b/policy/modules/services/mailman.te
index af4d572..ac97ed9 100644
--- a/policy/modules/services/mailman.te
+++ b/policy/modules/services/mailman.te
@@ -81,6 +81,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	gnome_dontaudit_search_config(mailman_mail_t)
+')
+
+optional_policy(`
 	cron_read_pipes(mailman_mail_t)
 ')
 
@@ -125,4 +129,4 @@ optional_policy(`
 
 optional_policy(`
 	su_exec(mailman_queue_t)
-')
\ No newline at end of file
+')
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 6ff8f25..a1d911d 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1164,6 +1164,8 @@ interface(`xserver_domtrans',`
 
  	allow $1 xserver_t:process siginh;
 	domtrans_pattern($1, xserver_exec_t, xserver_t)
+
+	allow xserver_t $1:process getpgid;
 ')
 
 ########################################
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 06185fd..227958c 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -113,6 +113,7 @@ interface(`auth_login_pgm_domain',`
 	userdom_manage_all_users_keys($1)
 
 	files_list_var_lib($1)
+	manage_dirs_pattern($1, var_auth_t, var_auth_t)
 	manage_files_pattern($1, var_auth_t, var_auth_t)
 
 	manage_dirs_pattern($1, auth_cache_t, auth_cache_t)