diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index e93c3449..0c2f2213 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -438,8 +438,8 @@ interface(`logging_send_syslog_msg',`
 type syslogd_t, devlog_t;
 ')
- allow $1 devlog_t:lnk_file read;
- allow $1 devlog_t:sock_file rw_sock_file_perms;
+ allow $1 devlog_t:lnk_file read_lnk_file_perms;
+ allow $1 devlog_t:sock_file write_sock_file_perms;
 # the type of socket depends on the syslog daemon
 allow $1 syslogd_t:unix_dgram_socket sendto;
@@ -447,8 +447,9 @@ interface(`logging_send_syslog_msg',`
 allow $1 self:unix_dgram_socket create_socket_perms;
 allow $1 self:unix_stream_socket create_socket_perms;
- # cjp: this should most likely be removed:
- term_use_console($1)
+ # If syslog is down, the glibc syslog() function
+ # will write to the console.
+ term_write_console($1)
 ')
 ########################################
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 04455e0f..3e7ce07f 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging, 1.14.0)
+policy_module(logging, 1.14.1)
 ########################################
 #
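Review bot: On the `devlog_t:lnk_file` rule in the first logging.if hunk, moving from bare `read` to `read_lnk_file_perms` is a small widening inside an otherwise tightening change, because that permission set in the reference policy normally expands to `getattr` as well as `read`. That is probably intended, but the commit message should say so. The `sock_file` rule drops read, which appears to match what a syslog client needs to connect and send. A comment above the two rules would record the intent, for example `# clients only connect and send to the devlog_t socket; read on the socket file is not needed`. The body of logging_send_syslog_msg starts and ends outside this hunk.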
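Review bot: In the second logging.if hunk, replacing `term_use_console($1)` with `term_write_console($1)` presumably removes console read access from every domain that calls logging_send_syslog_msg, so any caller that relied on that side effect will start producing AVC denials. Callers should be checked before merging, for instance by running a permissive test build and searching the audit log for console read denials. Those that genuinely need read access should get an explicit `term_use_console` in their own module. The new comment explains why write is kept; it could add `# write only: read access must be requested by the caller` so the restriction is not relaxed again later. The interface begins outside this hunk.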