diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index eb8dbb4..38c90f9 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1003,7 +1003,7 @@ interface(`corenet_use_tun_tap_device',`
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 tun_tap_device_t:chr_file { read write ioctl };
+	allow $1 tun_tap_device_t:chr_file { getattr read write ioctl  lock append };
 ')
 
 ########################################
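Review bot: The widened set on the `allow $1 tun_tap_device_t:chr_file` line applies to every domain that calls corenet_use_tun_tap_device, not only the caller that prompted the change, so getattr, lock and append are now granted to all of them. It is worth confirming that each existing caller should have them, or adding a separate interface for the domain that needs more. The hand-written list also appears to match what `rw_file_perms` expands to, a macro the networkmanager.te context in this same diff already uses. If that holds in this tree, `allow $1 tun_tap_device_t:chr_file rw_file_perms;` is shorter, stays in step with the macro, and drops the stray double space before `lock`. The interface's header comment begins outside the hunk and should be checked so that it still describes the access granted.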
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index e4d64c3..2be3b08 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -20,7 +20,7 @@ files_pid_file(NetworkManager_var_run_t)
 
 allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock};
 dontaudit NetworkManager_t self:capability sys_tty_config;
-allow NetworkManager_t self:process { setcap getsched };
+allow NetworkManager_t self:process { setcap getsched signal_perms };
 allow NetworkManager_t self:fifo_file rw_file_perms;
 allow NetworkManager_t self:unix_dgram_socket create_socket_perms;
 allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
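Review bot: `signal_perms` on the `self:process` line grants the whole signal set, which includes sigkill and sigstop, and nothing visible in the diff says which signal was actually denied. Because the target is `self`, the reach is limited to processes running as NetworkManager_t. If the denial covered only one or two permissions, a narrower rule such as `allow NetworkManager_t self:process { setcap getsched signal signull };` keeps the domain closer to least privilege. A short comment above the rule naming the operation that needs it, for example `# NetworkManager signals its own helper processes` (to be confirmed against the AVC log), would let a later audit judge whether the grant is still required.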