diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index ae2ede6..853c334 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -157,6 +157,7 @@ in_user_role(samba_net_t)
 allow smbd_t self:capability { setgid setuid sys_resource lease dac_override dac_read_search };
 dontaudit smbd_t self:capability sys_tty_config;
 allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow smbd_t self:process setrlimit;
 allow smbd_t self:fd use;
 allow smbd_t self:fifo_file rw_file_perms;
 allow smbd_t self:msg { send receive };
@@ -170,7 +171,7 @@ allow smbd_t self:unix_dgram_socket { create_socket_perms sendto };
 allow smbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow smbd_t samba_etc_t:dir rw_dir_perms;
-allow smbd_t samba_etc_t:file r_file_perms;
+allow smbd_t samba_etc_t:file { rw_file_perms setattr };
 allow smbd_t samba_log_t:dir ra_dir_perms;
 dontaudit smbd_t samba_log_t:dir remove_name;
@@ -339,11 +340,15 @@ kernel_read_software_raid_state(nmbd_t)
 kernel_read_system_state(nmbd_t)
 corenet_tcp_sendrecv_all_if(nmbd_t)
+corenet_udp_sendrecv_all_if(nmbd_t)
 corenet_raw_sendrecv_all_if(nmbd_t)
 corenet_tcp_sendrecv_all_nodes(nmbd_t)
+corenet_udp_sendrecv_all_nodes(nmbd_t)
 corenet_raw_sendrecv_all_nodes(nmbd_t)
 corenet_tcp_sendrecv_all_ports(nmbd_t)
+corenet_udp_sendrecv_all_ports(nmbd_t)
 corenet_tcp_bind_all_nodes(nmbd_t)
+corenet_udp_bind_all_nodes(nmbd_t)
 corenet_udp_bind_nmbd_port(nmbd_t)
 dev_read_sysfs(nmbd_t)
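Review bot: The added `allow smbd_t self:process setrlimit;` in the first hunk re-grants a permission that the `~{ ... }` complement on the line directly above still lists as excluded, so the two rules read as contradictory to anyone auditing the policy. Either drop `setrlimit` from the complement set, or keep the separate rule and say why it is there, e.g. `# smbd adjusts its own resource limits at startup (presumably the open-file limit; confirm)`. The capability rule at the top of the hunk already grants `sys_resource`, so it is worth confirming that letting smbd change its hard limits as well is intended.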
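Review bot: In the second hunk, widening `samba_etc_t:file` from `r_file_perms` to `{ rw_file_perms setattr }` lets the network-facing smbd domain modify every file carrying that label, which presumably includes its own main configuration. Together with the existing `rw_dir_perms` on the directory, a compromised smbd could then change its share and authentication settings persistently. If write access is only needed for a few password or state files, give those a dedicated type and keep `allow smbd_t samba_etc_t:file r_file_perms;`, or place the write rule behind a tunable. At minimum, add a comment above the rule naming the files that require it.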