diff --git a/genfs_contexts b/genfs_contexts
index 2aed2bc1c90664d21e21f7ccc60d8bb7b05585e4..8560e38d348a430a8fe2216b6e51a7e4ff1278a8 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -15,6 +15,7 @@ genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
 genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0
 genfscon cgroup / u:object_r:cgroup:s0
diff --git a/unconfined.te b/unconfined.te
index daa6849828c3f6a839c1ecccaa1d62ffa1c4c459..45c82920109644d384db5b855c11aaa54ba2fc41 100644
--- a/unconfined.te
+++ b/unconfined.te
@@ -19,7 +19,6 @@
 allow unconfineddomain self:capability_class_set *;
 allow unconfineddomain kernel:security ~{ load_policy setenforce };
 allow unconfineddomain kernel:system *;
-allow unconfineddomain self:memprotect *;
 allow unconfineddomain domain:process ~ptrace;
 allow unconfineddomain domain:fd *;
 allow unconfineddomain domain:dir r_dir_perms;