diff --git a/refpolicy/policy/modules/services/apache.fc b/refpolicy/policy/modules/services/apache.fc
index 402bac2..d0f10f2 100644
--- a/refpolicy/policy/modules/services/apache.fc
+++ b/refpolicy/policy/modules/services/apache.fc
@@ -53,6 +53,7 @@ ifdef(`distro_debian', `
 /var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
 /var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
+/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
 /var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
 /var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index 80d986a..caf53fc 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -32,7 +32,7 @@ files_tmp_file(mysqld_tmp_t)
 allow mysqld_t self:capability { dac_override setgid setuid };
 dontaudit mysqld_t self:capability sys_tty_config;
-allow mysqld_t self:process { setsched getsched };
+allow mysqld_t self:process { setsched getsched signal_perms };
 allow mysqld_t self:fifo_file { read write };
 allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
 allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
@@ -52,6 +52,7 @@ allow mysqld_t mysqld_tmp_t:dir create_dir_perms;
 allow mysqld_t mysqld_tmp_t:file create_file_perms;
 files_create_tmp_files(mysqld_t, mysqld_tmp_t, { file dir })
+allow mysqld_t mysqld_var_run_t:dir rw_dir_perms;
 allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
 allow mysqld_t mysqld_var_run_t:file create_file_perms;
 files_create_pid(mysqld_t,mysqld_var_run_t)
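Review bot: In apache.fc the new pattern `/var/run/httpd.*` has no separator after `httpd`, so besides `httpd.pid` or an `httpd/` directory it also labels any other name under /var/run that merely begins with `httpd` as httpd_var_run_t. It mirrors the existing `/var/run/apache.*` entry, so the breadth may be intentional. If only the pid file and a runtime directory are meant, patterns such as `/var/run/httpd\.pid` and `/var/run/httpd(/.*)?` would keep unrelated files out of the web server's writable type. The surrounding list continues outside the hunk.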
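Review bot: In the first mysql.te hunk, `signal_perms` grants the whole signal permission set on `mysqld_t self:process`, including sigkill and sigstop, where the change probably answers one or two specific denials. Because the target is `self` the exposure is small, but naming only the denied permissions, for example `allow mysqld_t self:process { setsched getsched signal signull };`, keeps the rule least-privilege; which ones are actually needed is not visible here and should be confirmed against the audit log. None of the mysql.te additions in this commit (this rule, the `mysqld_var_run_t:dir rw_dir_perms` rule in the next hunk, the two `files_*` calls in the last hunk) says which denial it resolves, so a one-line `#` comment on each would help later policy review.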
@@ -85,7 +86,9 @@ domain_use_wide_inherit_fd(mysqld_t)
 files_getattr_var_lib_dir(mysqld_t)
 files_read_etc_runtime_files(mysqld_t)
+files_read_etc_files(mysqld_t)
 files_read_usr_files(mysqld_t)
+files_search_var_lib(mysqld_t)
 init_use_fd(mysqld_t)
 init_use_script_pty(mysqld_t)
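Review bot: `files_read_etc_files(mysqld_t)` lets the daemon read every generically labelled file under /etc, which is wider than reading its own configuration. If the denial being fixed was on the MySQL configuration file, giving that file a module-specific type and granting read on that type would be narrower; whether the module already defines such a type cannot be seen from this hunk. `files_search_var_lib(mysqld_t)` now sits beside the existing `files_getattr_var_lib_dir(mysqld_t)`, and a short comment saying why search is needed (presumably to traverse to the database directory) would make the pair easier to audit.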