diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index d85e550..0a46adb 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -188,6 +188,8 @@ optional_policy(`postfix.te',`
 	allow system_mail_t etc_aliases_t:fifo_file create_file_perms;
 	files_create_etc_config(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
 
+	domain_use_wide_inherit_fd(system_mail_t)
+
 	optional_policy(`crond.te',`
 		cron_crw_tcp_socket(system_mail_t)
 	')
@@ -204,6 +206,10 @@ optional_policy(`sendmail.te',`
 	# sendmail -q 
 	allow system_mail_t mqueue_spool_t:dir rw_dir_perms;
 	allow system_mail_t mqueue_spool_t:file create_file_perms;
+
+	# FIXME:
+	allow system_mail_t sendmail_log_t:file manage_file_perms;
+	logging_create_log(system_mail_t,sendmail_log_t)
 ')
 
 ifdef(`TODO',`
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 33bc8bd..a67d51f 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -35,6 +35,10 @@ allow sendmail_t self:fifo_file rw_file_perms;
 allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
 allow sendmail_t self:unix_dgram_socket create_socket_perms;
 
+allow sendmail_t sendmail_log_t:file create_file_perms;
+allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
+logging_create_log(sendmail_t,sendmail_log_t,{ file dir })
+
 kernel_read_kernel_sysctl(sendmail_t)
 # for piping mail to a command
 kernel_read_system_state(sendmail_t)
@@ -102,10 +106,6 @@ ifdef(`targeted_policy',`
 	term_dontaudit_use_generic_pty(sendmail_t)
 	files_dontaudit_read_root_file(sendmail_t)
 ',`
-	allow sendmail_t sendmail_log_t:file create_file_perms;
-	allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
-	logging_create_log(sendmail_t,sendmail_log_t,{ file dir })
-
 	allow sendmail_t sendmail_tmp_t:dir create_dir_perms;
 	allow sendmail_t sendmail_tmp_t:file create_file_perms;
 	files_create_tmp_files(sendmail_t, sendmail_tmp_t, { file dir })
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 3d3f9bb..2469a3a 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -292,9 +292,9 @@ kernel_read_kernel_sysctl(syslogd_t)
 kernel_read_proc_symlinks(syslogd_t)
 kernel_send_syslog_msg_from(devlog_t,syslogd_t)
 # Allow access to /proc/kmsg for syslog-ng
-kernel_read_messages(klogd_t)
-kernel_clear_ring_buffer(klogd_t)
-kernel_change_ring_buffer_level(klogd_t)
+kernel_read_messages(syslogd_t)
+kernel_clear_ring_buffer(syslogd_t)
+kernel_change_ring_buffer_level(syslogd_t)
 
 dev_create_dev_node(syslogd_t,devlog_t,sock_file)
 dev_read_sysfs(syslogd_t)
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index 5b06fde..ce40afb 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -32,6 +32,8 @@ ifdef(`targeted_policy',`
 	# macros and domains from the "strict" policy.
 	typealias unconfined_t alias { secadm_t sysadm_t };
 
+	files_create_boot_flag(unconfined_t)
+
 	init_domtrans_script(unconfined_t)
 
 	libs_domtrans_ldconfig(unconfined_t)
@@ -104,6 +106,10 @@ ifdef(`targeted_policy',`
 		su_per_userdomain_template(sysadm,unconfined_t,system_r)
 	')
 
+	optional_policy(`usermanage.te',`
+		usermanage_domtrans_admin_passwd(unconfined_t)
+	')
+
 	optional_policy(`webalizer.te',`
 		webalizer_domtrans(unconfined_t)
 	')