diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 99b06d415..c1362f460 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -4100,6 +4100,7 @@ interface(`files_manage_kernel_modules',`
 		type modules_object_t;
 	')
 
+	allow $1 modules_object_t:dir rw_dir_perms;
 	manage_files_pattern($1, modules_object_t, modules_object_t)
 ')
 
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 816a926a3..a9f58905d 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -89,8 +89,8 @@ files_read_usr_files(kmod_t)
 files_exec_etc_files(kmod_t)
 # for nscd:
 files_dontaudit_search_pids(kmod_t)
-# for locking: (cjp: ????)
-files_write_kernel_modules(kmod_t)
+# to manage modules.dep
+files_manage_kernel_modules(kmod_t)
 
 fs_getattr_xattr_fs(kmod_t)
 fs_dontaudit_use_tmpfs_chr_dev(kmod_t)
@@ -165,12 +165,6 @@ optional_policy(`
 	rpm_rw_pipes(kmod_t)
 ')
 
-optional_policy(`
-	unconfined_domain(kmod_t)
-	unconfined_dontaudit_rw_pipes(kmod_t)
-	unconfined_domtrans_to(kmod_t, kmod_exec_t)
-')
-
 optional_policy(`
 	# cjp: why is this needed:
 	dev_rw_xserver_misc(kmod_t)