diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 9e9d836b..e8741978 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -97,3 +97,40 @@ interface(`networkmanager_dbus_chat',`
 allow $1 NetworkManager_t:dbus send_msg;
 allow NetworkManager_t $1:dbus send_msg;
 ')
+
+########################################
+##
+## Send a generic signal to NetworkManager
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`networkmanager_signal',`
+ gen_require(`
+ type NetworkManager_t;
+ ')
+
+ allow $1 NetworkManager_t:process signal;
+')
+
+########################################
+##
+## Read NetworkManager PID files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`networkmanager_read_pid_files',`
+ gen_require(`
+ type NetworkManager_var_run_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 NetworkManager_var_run_t:file read_file_perms;
+')
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index fc92ba15..a656bb8d 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
-policy_module(networkmanager, 1.10.0)
+policy_module(networkmanager, 1.10.1)
 ########################################
 #
@@ -10,6 +10,12 @@ type NetworkManager_t;
 type NetworkManager_exec_t;
 init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
+type NetworkManager_log_t;
+logging_log_file(NetworkManager_log_t)
+
+type NetworkManager_script_exec_t;
+init_script_file(NetworkManager_script_exec_t)
+
 type NetworkManager_var_run_t;
 files_pid_file(NetworkManager_var_run_t)
diff --git a/policy/modules/services/ppp.fc b/policy/modules/services/ppp.fc
index 6ea513d7..43a091ae 100644
--- a/policy/modules/services/ppp.fc
+++ b/policy/modules/services/ppp.fc
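Review bot: `networkmanager_read_pid_files` grants `read_file_perms` only on `NetworkManager_var_run_t:file`; `files_search_pids($1)` covers the generic pid directory, so a caller is still denied `search` on any NetworkManager-owned subdirectory if the pid file lives there rather than directly in the pid root. If the pid file sits directly in the pid directory this is fine, and a `## ` line stating that assumption would help later maintainers. The summary of `networkmanager_signal` should also say what `process signal` reaches, since SIGKILL, SIGSTOP, SIGCHLD and the null signal each have their own permission: `## Send a generic signal (any signal other than SIGKILL, SIGSTOP, SIGCHLD or the null signal) to NetworkManager.`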
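Review bot: `NetworkManager_log_t` and `NetworkManager_script_exec_t` are declared in the second networkmanager.te hunk, but this diff carries no networkmanager.fc entry that labels a log file or init script with them and no rule letting `NetworkManager_t` create or write `NetworkManager_log_t` (a `logging_log_filetrans` plus `manage_files_pattern`), whereas ppp.fc in the same commit does label its init script. If those pieces are in a sibling change, ignore this; otherwise the new types are never applied on disk and NetworkManager's log writes keep the label the file has today. A comment next to each declaration naming the intended path, e.g. `# log type for <NetworkManager log path>`, would make the intent checkable against the .fc file.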
@@ -1,6 +1,8 @@
 #
 # /etc
 #
+/etc/rc.d/init.d/ppp -- gen_context(system_u:object_r:pppd_script_exec_t,s0)
+
 /etc/ppp -d gen_context(system_u:object_r:pppd_etc_t,s0)
 /etc/ppp(/.*)? -- gen_context(system_u:object_r:pppd_etc_rw_t,s0)
 /etc/ppp/peers(/.*)? gen_context(system_u:object_r:pppd_etc_rw_t,s0)
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index 2ce11410..6997c1a7 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -74,6 +74,24 @@ interface(`ppp_signal',`
 allow $1 pppd_t:process signal;
 ')
+########################################
+##
+## Send a generic signull to PPP.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ppp_signull',`
+ gen_require(`
+ type pppd_t;
+ ')
+
+ allow $1 pppd_t:process signull;
+')
+
 ########################################
 ##
 ## Execute domain in the ppp domain.
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index 2ed25ee9..a45d8338 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp, 1.8.0)
+policy_module(ppp, 1.8.1)
 ########################################
 #
@@ -71,7 +71,7 @@ files_pid_file(pptp_var_run_t)
 # PPPD Local policy
 #
-allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
+allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
 dontaudit pppd_t self:capability sys_tty_config;
 allow pppd_t self:process signal;
 allow pppd_t self:fifo_file rw_fifo_file_perms;
@@ -116,7 +116,7 @@ allow pppd_t pppd_secret_t:file read_file_perms;
 kernel_read_kernel_sysctls(pppd_t)
 kernel_read_system_state(pppd_t)
-kernel_read_net_sysctls(pppd_t)
+kernel_rw_net_sysctls(pppd_t)
 kernel_read_network_state(pppd_t)
 kernel_load_module(pppd_t)
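Review bot: The new entry labels `/etc/rc.d/init.d/ppp` with `pppd_script_exec_t`, but no ppp.te hunk in this diff declares that type or calls `init_script_file()` on it, while the networkmanager side declares `NetworkManager_script_exec_t` in the same commit. If `pppd_script_exec_t` is not already declared in ppp.te the module does not build; if it is, nothing needs to change. Worth confirming before merge, since the ppp.te hunks here touch only the version, the capability set, the sysctl interface and the networkmanager optional block.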
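Review bot: The summary `Send a generic signull to PPP.` presents signull as a kind of signal, but the `process signull` permission covers only the null signal, i.e. a liveness check that delivers nothing the target can observe. Suggest `## Send a null signal to PPP (check whether pppd is running).` so readers do not confuse it with `ppp_signal` above it.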
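Review bot: `kill` is added to `pppd_t`'s capability set in the `@@ -71,7` hunk with no comment saying which target needs it; CAP_KILL removes the DAC uid check for every signal pppd sends, and the SELinux side is then bounded only by the `process signal` rules (`self` here and, via the optional block later in this file, `NetworkManager_t`). If the consumer is the NetworkManager signalling added by this commit, presumably because pppd's uid differs from the target's at that point, a one-line `# kill: needed to signal NetworkManager across uids` above the rule would tie the capability to its use and make it easy to drop when that use goes away. The enclosing pppd_t policy block continues outside the hunk.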
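Review bot: Replacing `kernel_read_net_sysctls` with `kernel_rw_net_sysctls` in the `@@ -116,7` hunk lets pppd write every net sysctl, not just the one that presumably motivated the change; refpolicy offers no narrower interface, so the rule itself is understandable, but nothing in the hunk records which sysctl pppd sets. A comment such as `# pppd writes <net sysctl observed in the audit log — confirm>` above the call would let a later reviewer judge whether a tighter rule has become possible. The enclosing block continues outside the hunk.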
@@ -199,6 +199,10 @@ optional_policy(`
 mta_send_mail(pppd_t)
 ')
+optional_policy(`
+ networkmanager_signal(pppd_t)
+')
+
 optional_policy(`
 postfix_domtrans_master(pppd_t)
 ')
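Review bot: The new `optional_policy` block calls `networkmanager_signal(pppd_t)` but not `networkmanager_read_pid_files(pppd_t)`, although this commit adds both interfaces to networkmanager.if and the second has no caller anywhere in the diff. If pppd finds NetworkManager's pid through its pid file, the read rule belongs here as well, as `networkmanager_read_pid_files(pppd_t)` on the line after `networkmanager_signal(pppd_t)`; if pppd obtains the pid another way, the unused interface is harmless but its purpose should be stated. The block is complete within the hunk.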