diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index aad46d834..0352a1988 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -142,6 +142,24 @@ interface(`kernel_sigchld',`
allow $1 kernel_t:process sigchld;
')
+########################################
+##
+## Send a kill signal to kernel threads.
+##
+##
+##
+## The type of the process sending the signal.
+##
+##
+#
+interface(`kernel_kill',`
+ gen_require(`
+ type kernel_t;
+ ')
+
+ allow $1 kernel_t:process sigkill;
+')
+
########################################
##
## Send a generic signal to kernel threads.
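Review bot: The summary of `kernel_kill` says the signal goes to kernel threads, but the rule `allow $1 kernel_t:process sigkill;` covers every process labeled kernel_t. That presumably includes anything still running in that domain before a transition happens. I would say so in the description, e.g. `## Send a kill signal to any process running in the kernel domain.`, so that people reviewing callers can judge how broad the grant is.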
@@ -622,6 +640,24 @@ interface(`kernel_search_debugfs',`
search_dirs_pattern($1, debugfs_t, debugfs_t)
')
+########################################
+##
+## Do not audit attempts to search the kernel debugging filesystem.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`kernel_dontaudit_search_debugfs',`
+ gen_require(`
+ type debugfs_t;
+ ')
+
+ dontaudit $1 debugfs_t:dir search_dir_perms;
+')
+
########################################
##
## Read information from the debugging filesystem.
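Review bot: The parameter description of `kernel_dontaudit_search_debugfs` reads `Domain allowed access.`, but the interface grants nothing and only suppresses denial records for `debugfs_t:dir search_dir_perms`. The usual wording on dontaudit interfaces is `Domain to not audit.`. Because the rule removes audit visibility of debugfs lookups by the calling domain, the description could also say it is meant only for domains where that denial is known noise.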
@@ -1992,6 +2028,25 @@ interface(`kernel_kill_unlabeled',`
allow $1 unlabeled_t:process sigkill;
')
+########################################
+##
+## Mount a kernel unlabeled filesystem.
+##
+##
+##
+## The type of the domain mounting the filesystem.
+##
+##
+#
+interface(`kernel_mount_unlabeled',`
+ gen_require(`
+ type unlabeled_t;
+ ')
+
+ allow $1 unlabeled_t:filesystem mount;
+')
+
+
########################################
##
## Send general signals to unlabeled processes.
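Review bot: The summary `Mount a kernel unlabeled filesystem.` does not tell a caller what `allow $1 unlabeled_t:filesystem mount;` actually permits. `unlabeled_t` is the type given to objects with no label or an invalid one, so the domain may mount filesystems whose label the loaded policy cannot interpret. I would word it as `## Mount filesystems that have no valid security label (unlabeled_t).`. As a style point, the interface is followed by two blank added lines where the other two interfaces in this diff leave one, so the extra one can be dropped.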
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 400bee589..3ef6a622b 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
-policy_module(kernel, 1.11.2)
+policy_module(kernel, 1.11.3)
########################################
#