diff --git a/policy/modules/apps/sandbox.if b/policy/modules/apps/sandbox.if
index d104714d..c20d3030 100644
--- a/policy/modules/apps/sandbox.if
+++ b/policy/modules/apps/sandbox.if
@@ -49,6 +49,7 @@ interface(`sandbox_transition',`
 	dontaudit sandbox_x_domain $1:tcp_socket rw_socket_perms;
 	dontaudit sandbox_x_domain $1:udp_socket rw_socket_perms;
 	dontaudit sandbox_x_domain $1:unix_stream_socket { read write };
+	dontaudit sandbox_x_domain $1:process signal;
 	
 	allow $1 sandbox_tmpfs_type:file manage_file_perms;
 	dontaudit $1 sandbox_tmpfs_type:file manage_file_perms;
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 7260bf6b..c96d0357 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -238,6 +238,8 @@ interface(`apache_role',`
 	relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
 	relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
 
+	apache_exec_modules($2)
+
 	tunable_policy(`httpd_enable_cgi',`
 		# If a user starts a script by hand it gets the proper context
 		domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)