diff --git a/advanced/selinux/pihole.te b/advanced/selinux/pihole.te
index 595755ddbc..7b246f53d7 100644
--- a/advanced/selinux/pihole.te
+++ b/advanced/selinux/pihole.te
@@ -2,32 +2,22 @@ module pihole 1.0;
 
 require {
 type var_log_t;
- type unconfined_t;
- type init_t;
- type auditd_t;
- type syslogd_t;
- type NetworkManager_t;
- type mdadm_t;
- type tuned_t;
- type avahi_t;
- type irqbalance_t;
- type system_dbusd_t;
- type kernel_t;
- type httpd_sys_script_t;
- type systemd_logind_t;
 type httpd_t;
- type policykit_t;
+ type httpd_sys_script_t;
 type dnsmasq_t;
- type udev_t;
- type postfix_pickup_t;
- type sshd_t;
- type crond_t;
- type getty_t;
- type lvm_t;
- type postfix_qmgr_t;
- type postfix_master_t;
- class dir { getattr search };
- class file { read open setattr };
+ type init_t;
+ type sysfs_t;
+ type shadow_t;
+ type pam_var_run_t;
+ type sudo_db_t;
+ type system_dbusd_var_run_t;
+ class dir { search add_name write create getattr };
+ class file { read write open create lock setattr getattr };
+ class process { setrlimit };
+ class netlink_audit_socket { create nlmsg_relay };
+ class unix_stream_socket { ioctl };
+ class sock_file { write };
+ class capability { setgid setuid dac_override dac_read_search sys_resource audit_write };
 }
 
 #============= dnsmasq_t ==============
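Review bot: The rewritten `require` block pulls in `shadow_t`, `sudo_db_t`, `pam_var_run_t`, `netlink_audit_socket` and the `setgid setuid dac_override dac_read_search sys_resource audit_write` capabilities, but nothing in the file records which Pi-hole operation needs them; taken together they look like the footprint of running sudo(8) and PAM authentication inside the CGI domain, which is a large expansion of what web scripts may do and the first thing a later auditor will want justified. I would put a comment above the block, e.g. `# Types/classes below exist because the web admin runs sudo from the CGI domain (httpd_sys_script_t); re-check every allow rule if that mechanism changes.` The `module pihole 1.0;` line shown in the hunk header (outside the hunk) is also left at 1.0 although the policy's meaning changes completely; bumping it lets `semodule -l` tell an upgraded install apart from one still carrying the old module.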
@@ -36,52 +26,15 @@ allow dnsmasq_t var_log_t:file { open setattr };
 #============= httpd_t ==============
 allow httpd_t var_log_t:file { read open };
 
-#============= httpd_sys_script_t (class: dir) ==============
-allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
-allow httpd_sys_script_t auditd_t:dir { getattr search };
-allow httpd_sys_script_t avahi_t:dir { getattr search };
-allow httpd_sys_script_t crond_t:dir { getattr search };
-allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
-allow httpd_sys_script_t getty_t:dir { getattr search };
-allow httpd_sys_script_t httpd_t:dir { getattr search };
-allow httpd_sys_script_t init_t:dir { getattr search };
-allow httpd_sys_script_t irqbalance_t:dir { getattr search };
-allow httpd_sys_script_t kernel_t:dir { getattr search };
-allow httpd_sys_script_t lvm_t:dir { getattr search };
-allow httpd_sys_script_t mdadm_t:dir { getattr search };
-allow httpd_sys_script_t policykit_t:dir { getattr search };
-allow httpd_sys_script_t postfix_master_t:dir { getattr search };
-allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
-allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
-allow httpd_sys_script_t sshd_t:dir { getattr search };
-allow httpd_sys_script_t syslogd_t:dir { getattr search };
-allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
-allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
-allow httpd_sys_script_t tuned_t:dir { getattr search };
-allow httpd_sys_script_t udev_t:dir { getattr search };
-allow httpd_sys_script_t unconfined_t:dir { getattr search };
-
-#============= httpd_sys_script_t (class: file) ==============
-allow httpd_sys_script_t NetworkManager_t:file { read open };
-allow httpd_sys_script_t auditd_t:file { read open };
-allow httpd_sys_script_t avahi_t:file { read open };
-allow httpd_sys_script_t crond_t:file { read open };
-allow httpd_sys_script_t dnsmasq_t:file { read open };
-allow httpd_sys_script_t getty_t:file { read open };
-allow httpd_sys_script_t httpd_t:file { read open };
-allow httpd_sys_script_t init_t:file { read open };
-allow httpd_sys_script_t irqbalance_t:file { read open };
-allow httpd_sys_script_t kernel_t:file { read open };
-allow httpd_sys_script_t lvm_t:file { read open };
-allow httpd_sys_script_t mdadm_t:file { read open };
-allow httpd_sys_script_t policykit_t:file { read open };
-allow httpd_sys_script_t postfix_master_t:file { read open };
-allow httpd_sys_script_t postfix_pickup_t:file { read open };
-allow httpd_sys_script_t postfix_qmgr_t:file { read open };
-allow httpd_sys_script_t sshd_t:file { read open };
-allow httpd_sys_script_t syslogd_t:file { read open };
-allow httpd_sys_script_t system_dbusd_t:file { read open };
-allow httpd_sys_script_t systemd_logind_t:file { read open };
-allow httpd_sys_script_t tuned_t:file { read open };
-allow httpd_sys_script_t udev_t:file { read open };
-allow httpd_sys_script_t unconfined_t:file { read open };
+#============= httpd_sys_script_t ==============
+allow httpd_sys_script_t dnsmasq_t:dir getattr;
+allow httpd_sys_script_t sysfs_t:file { read open getattr };
+allow httpd_sys_script_t pam_var_run_t:dir { write create add_name };
+allow httpd_sys_script_t pam_var_run_t:file { read write open create lock getattr };
+allow httpd_sys_script_t self:capability { setgid setuid dac_override dac_read_search sys_resource audit_write };
+allow httpd_sys_script_t self:netlink_audit_socket { create nlmsg_relay };
+allow httpd_sys_script_t sudo_db_t:dir { search getattr };
+allow httpd_sys_script_t shadow_t:file { read open create getattr };
+allow httpd_sys_script_t self:process setrlimit;
+allow httpd_sys_script_t init_t:unix_stream_socket { ioctl };
+allow httpd_sys_script_t system_dbusd_var_run_t:sock_file { write };
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index a04cac3f23..47438a7ce6 100755
--- a/automated install/basic-install.sh
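Review bot: `allow httpd_sys_script_t shadow_t:file { read open create getattr };` together with `allow httpd_sys_script_t self:capability { setgid setuid dac_override dac_read_search ... }` lets any script running in the web server's CGI domain read /etc/shadow, bypass DAC permission checks and change uid, so a bug in the web admin is no longer contained by SELinux in any meaningful way — the policy now grants the most exposed part of Pi-hole something close to unconfined access. The combination of `sudo_db_t`, `pam_var_run_t`, the audit netlink socket and `setrlimit` reads like audit2allow output from running sudo inside `httpd_sys_script_t`; the safer design is to let sudo transition into its own domain (presumably a `type_transition` to `sudo_t` on `sudo_exec_t`, to be confirmed against the base policy) and keep only the transition-related permissions in the CGI domain, instead of importing sudo's privileges wholesale. If the in-domain approach is kept, at minimum drop `create` from the shadow rule (a password check only reads the file) and drop `dac_override` unless a denial proves it is needed, since `dac_read_search` already covers the read/search bypass: `allow httpd_sys_script_t shadow_t:file { read open getattr };` and `allow httpd_sys_script_t self:capability { setgid setuid dac_read_search sys_resource audit_write };`. Each remaining rule should also carry a one-line comment naming the denial it was added for, so the next person can prune it.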
+++ b/automated install/basic-install.sh
@@ -950,14 +950,13 @@ configureSelinux() {
 echo " installed!"
 printf ":::\tEnabling httpd server side includes (SSI).. "
 setsebool -P httpd_ssi_exec on &> /dev/null && echo "Success" || echo "SELinux not enabled"
+ printf ":::\tEnabling httpd execmem.. "
+ setsebool -P httpd_execmem on &> /dev/null && echo "Success" || echo "SELinux not enabled"
 printf "\n:::\tCompiling Pi-Hole SELinux policy..\n"
- if ! [ -x "$(command -v systemctl)" ]; then
- sed -i.bak '/systemd/d' /etc/.pihole/advanced/selinux/pihole.te
- fi
 checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
 semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
 semodule -i /etc/pihole/pihole.pp
- rm -f /etc/pihole/pihole.mod
+ rm -f /etc/pihole/pihole.mod /etc/pihole/pihole.pp
 semodule -l | grep pihole &> /dev/null && echo "::: Installed Pi-Hole SELinux policy" || echo "::: Warning: Pi-Hole SELinux policy did not install."
 fi
 }
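Review bot: The build chain `checkmodule …`, `semodule_package …`, `semodule -i …` still runs each step unconditionally, so if `checkmodule` rejects the rewritten pihole.te the later steps operate on a missing or (on a system upgraded from the previous installer, which never deleted it) stale `/etc/pihole/pihole.pp`, and the closing `semodule -l | grep pihole` still prints `Installed Pi-Hole SELinux policy` because the previously loaded module is what it finds; chain the steps so a failure is visible: `checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te && semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod && semodule -i /etc/pihole/pihole.pp || echo "::: Warning: Pi-Hole SELinux policy failed to build"`. The new `setsebool -P httpd_execmem on` turns on executable anonymous memory for the whole httpd domain, not just Pi-hole's scripts, which removes a W^X mitigation for the web server; the line should say which component needs it, e.g. `# httpd_execmem: needed by <component> — TODO confirm before keeping this`, and its `|| echo "SELinux not enabled"` (copied from the line above) mislabels a failed setsebool as SELinux being absent. The enclosing `configureSelinux` function starts before this hunk.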