diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index a834ead..199d41a 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -33,6 +33,10 @@ gen_tunable(allow_httpd_anon_write,false)
 ## Allow system to run with kerberos
 gen_tunable(allow_kerberos,false)
 
+## Allow rsync to modify public files
+## used for public file transfer services.
+gen_tunable(allow_rsync_anon_write,false)
+
 ## Allow sasl to read shadow
 gen_tunable(allow_saslauthd_read_shadow,false)
 
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index 1ab1ea0..485ddf8 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -78,9 +78,14 @@ libs_use_shared_libs(rsync_t)
 logging_send_syslog_msg(rsync_t)
 
 miscfiles_read_localization(rsync_t)
+miscfiles_read_public_files(rsync_t)
 
 sysnet_read_config(rsync_t)
 
+tunable_policy(`allow_rsync_anon_write',`
+	miscfiles_manage_public_files(rsync_t)
+')
+
 optional_policy(`kerberos.te',`
 	kerberos_use(rsync_t)
 ')
@@ -92,7 +97,3 @@ optional_policy(`nis.te',`
 optional_policy(`nscd.te',`
 	nscd_use_socket(rsync_t)
 ')
-
-ifdef(`TODO',`
-anonymous_domain(rsync)
-') dnl end TODO
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 3467a7a..146d356 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -215,6 +215,10 @@ files_create_etc_config(update_modules_t,modules_conf_t)
 
 # transition to depmod
 domain_auto_trans(update_modules_t, depmod_exec_t, depmod_t)
+allow update_modules_t depmod_t:fd use;
+allow depmod_t update_modules_t:fd use;
+allow depmod_t update_modules_t:fifo_file rw_file_perms;
+allow depmod_t update_modules_t:process sigchld;
 
 allow update_modules_t update_modules_tmp_t:dir create_dir_perms;
 allow update_modules_t update_modules_tmp_t:file create_file_perms;
@@ -229,11 +233,11 @@ fs_getattr_xattr_fs(update_modules_t)
 
 term_use_console(update_modules_t)
 
-init_use_fd(depmod_t)
-init_use_script_fd(depmod_t)
-init_use_script_pty(depmod_t)
+init_use_fd(update_modules_t)
+init_use_script_fd(update_modules_t)
+init_use_script_pty(update_modules_t)
 
-domain_use_wide_inherit_fd(depmod_t)
+domain_use_wide_inherit_fd(update_modules_t)
 
 files_read_etc_runtime_files(update_modules_t)
 files_read_etc_files(update_modules_t)
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index f3c237e..f3d1def 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -34,6 +34,13 @@ ifdef(`targeted_policy',`
 	init_domtrans_script(unconfined_t)
 
 	userdom_unconfined(unconfined_t)
+	userdom_priveleged_home_dir_manager(unconfined_t)
+
+	optional_policy(`modutils.te',`
+		modutils_domtrans_depmod(unconfined_t)
+		modutils_domtrans_insmod(unconfined_t)
+		modutils_domtrans_update_mods(unconfined_t)
+	')
 
 	optional_policy(`postfix.te',`
 		postfix_domtrans_map(unconfined_t)