diff --git a/policy/modules/contrib/sandboxX.te b/policy/modules/contrib/sandboxX.te
index 78affa318e..db110bae31 100644
--- a/policy/modules/contrib/sandboxX.te
+++ b/policy/modules/contrib/sandboxX.te
@@ -357,7 +357,8 @@ optional_policy(`
 #
 typeattribute sandbox_web_client_t sandbox_web_type;
 
-allow sandbox_web_client_t sandbox_web_client_t:cap_userns sys_chroot;
+allow sandbox_web_client_t self:user_namespace create;
+allow sandbox_web_client_t self:cap_userns sys_chroot;
 allow sandbox_web_t sandbox_web_client_t:process2 nnp_transition;
 
 selinux_get_fs_mount(sandbox_web_client_t)
@@ -474,6 +475,10 @@ optional_policy(`
  chrome_domtrans_sandbox(sandbox_web_type)
 ')
 
+optional_policy(`
+ dbus_watch_config(sandbox_web_type)
+')
+
 optional_policy(`
  mozilla_plugin_rw_sem(sandbox_web_type)
 ')
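Review bot: The added `allow sandbox_web_client_t self:user_namespace create;` in the first hunk lets a confinement domain create user namespaces, which widens the kernel surface reachable from inside the sandbox, and nothing in the hunk records why it is needed. The neighbouring `cap_userns` rule still grants only `sys_chroot`, so the in-namespace capability set stays narrow. I would state that intent next to the two rules, for example `# namespace creation plus chroot only; no other cap_userns capabilities are granted on purpose`. The consumer is presumably the browser's own internal sandbox, but that is an inference and should be confirmed against the denial that motivated the change. Keeping the rule on `sandbox_web_client_t` rather than the `sandbox_web_type` attribute is the right scope; the policy section it belongs to starts above the hunk.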
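Review bot: `dbus_watch_config(sandbox_web_type)` in the second hunk is granted to the whole `sandbox_web_type` attribute, so every domain carrying it gains the watch permission rather than only the one that hit the denial. That matches the neighbouring `chrome_domtrans_sandbox` and `mozilla_plugin_rw_sem` blocks. But the first hunk of this commit touches only `sandbox_web_client_t`, so if the denial came from that domain alone, `dbus_watch_config(sandbox_web_client_t)` would be the least-privilege form. The interface body is not visible here, so the exact permissions it expands to should be checked in the dbus module before widening it to the attribute. A one-line comment naming the component that watches the D-Bus configuration would make the grant auditable later.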