diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
index 15e02e4e2..7c6933f2e 100644
--- a/policy/modules/system/hotplug.te
+++ b/policy/modules/system/hotplug.te
@@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t)
 #
 allow hotplug_t self:capability { net_admin sys_tty_config mknod sys_rawio };
-dontaudit hotplug_t self:capability { sys_module sys_admin sys_tty_config };
+dontaudit hotplug_t self:capability { sys_module sys_admin sys_ptrace sys_tty_config };
 # for access("/etc/bashrc", X_OK) on Red Hat
 dontaudit hotplug_t self:capability { dac_override dac_read_search };
 allow hotplug_t self:process { setpgid getsession getattr signal_perms };
@@ -39,14 +39,16 @@ allow hotplug_t hotplug_etc_t:dir list_dir_perms;
 can_exec(hotplug_t, hotplug_exec_t)
+manage_dirs_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
 manage_files_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
-files_pid_filetrans(hotplug_t, hotplug_var_run_t, file)
+files_pid_filetrans(hotplug_t, hotplug_var_run_t, { dir file })
 kernel_sigchld(hotplug_t)
 kernel_setpgid(hotplug_t)
 kernel_read_system_state(hotplug_t)
+kernel_read_network_state(hotplug_t)
 kernel_read_kernel_sysctls(hotplug_t)
-kernel_read_net_sysctls(hotplug_t)
+kernel_rw_net_sysctls(hotplug_t)
 files_read_kernel_modules(hotplug_t)
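Review bot: The new `sys_ptrace` entry in the `dontaudit hotplug_t self:capability { sys_module sys_admin sys_ptrace sys_tty_config };` line carries no justification, while the sibling `dontaudit ... { dac_override dac_read_search };` two lines below is prefixed with `# for access("/etc/bashrc", X_OK) on Red Hat` naming what triggers it; the trigger for the ptrace check is not visible in this hunk, so a comment in the same style should record it, e.g. `# sys_ptrace: <operation that trips the check>; denial is harmless, silence only`. A dontaudit suppresses the AVC record and grants nothing, so if hotplug genuinely needs CAP_SYS_PTRACE for that operation it will now fail silently instead of surfacing in the audit log, which is what makes an unexplained suppression expensive to debug later. Silencing sys_ptrace next to the existing sys_admin and sys_module entries also removes a capability-abuse signal for this domain from auditd, so the recorded reason matters to anyone building detections on AVC denials. Separately, `sys_tty_config` is both allowed on the line above and dontaudited here; that is pre-existing, but the dontaudit entry is redundant with the allow and could be dropped while this line is being edited.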