diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 8d1f370..190a684 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -41,7 +41,7 @@ files_pid_file(openvpn_var_run_t)
 # openvpn local policy
 #
 
-allow openvpn_t self:capability { dac_read_search dac_override net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
+allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
 allow openvpn_t self:process { signal getsched };
 allow openvpn_t self:fifo_file rw_fifo_file_perms;
 
@@ -85,6 +85,7 @@ corenet_tcp_bind_generic_node(openvpn_t)
 corenet_udp_bind_generic_node(openvpn_t)
 corenet_tcp_bind_openvpn_port(openvpn_t)
 corenet_udp_bind_openvpn_port(openvpn_t)
+corenet_tcp_bind_http_port(openvpn_t)
 corenet_tcp_connect_openvpn_port(openvpn_t)
 corenet_tcp_connect_http_port(openvpn_t)
 corenet_tcp_connect_http_cache_port(openvpn_t)
@@ -100,6 +101,8 @@ dev_read_urand(openvpn_t)
 files_read_etc_files(openvpn_t)
 files_read_etc_runtime_files(openvpn_t)
 
+auth_use_pam(openvpn_t)
+
 logging_send_syslog_msg(openvpn_t)
 
 miscfiles_read_localization(openvpn_t)
@@ -107,7 +110,7 @@ miscfiles_read_certs(openvpn_t)
 
 sysnet_dns_name_resolve(openvpn_t)
 sysnet_exec_ifconfig(openvpn_t)
-sysnet_write_config(openvpn_t)
+sysnet_manage_config(openvpn_t)
 sysnet_etc_filetrans_config(openvpn_t)
 
 userdom_use_user_terminals(openvpn_t)