diff --git a/corosync.te b/corosync.te
index 7b092d4..0815968 100644
--- a/corosync.te
+++ b/corosync.te
@@ -36,7 +36,7 @@ systemd_unit_file(corosync_unit_file_t)
 # corosync local policy
 #
-allow corosync_t self:capability { dac_override setuid setgid sys_nice sys_admin sys_resource ipc_lock };
+allow corosync_t self:capability { dac_override fowner setuid setgid sys_nice sys_admin sys_resource ipc_lock };
 # for hearbeat
 allow corosync_t self:capability { net_raw chown };
 allow corosync_t self:process { setpgid setrlimit setsched signal signull };
diff --git a/pacemaker.fc b/pacemaker.fc
index 4e915ab..3793461 100644
--- a/pacemaker.fc
+++ b/pacemaker.fc
@@ -6,6 +6,7 @@
 /var/lib/heartbeat/crm(/.*)? gen_context(system_u:object_r:pacemaker_var_lib_t,s0)
+/var/lib/pacemaker(/.*)? gen_context(system_u:object_r:pacemaker_var_lib_t,s0)
 /var/lib/pengine(/.*)? gen_context(system_u:object_r:pacemaker_var_lib_t,s0)
 /var/run/crm(/.*)? gen_context(system_u:object_r:pacemaker_var_run_t,s0)
diff --git a/pacemaker.te b/pacemaker.te
index ec7033b..ff79a8c 100644
--- a/pacemaker.te
+++ b/pacemaker.te
@@ -18,6 +18,9 @@ files_type(pacemaker_var_lib_t)
 type pacemaker_var_run_t;
 files_pid_file(pacemaker_var_run_t)
+type pacemaker_tmpfs_t;
+files_tmpfs_file(pacemaker_tmpfs_t)
 type pacemaker_unit_file_t;
 systemd_unit_file(pacemaker_unit_file_t)
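Review bot: The `fowner` capability added to the `allow corosync_t self:capability` line carries no comment saying which operation needed it, unlike the neighbouring `# for hearbeat` line that explains `net_raw chown`. CAP_FOWNER lifts the owner check on chmod, ACL/xattr and utimes operations for files corosync does not own, and together with the `dac_override` already on the line it amounts to a fairly complete DAC bypass, so the AVC that motivated it should be recorded. I would put `# fowner: <syscall> on <path>, see AVC <...>` above the rule with the real denial filled in; if the denial turns out to be a harmless probe with no functional effect, a `dontaudit corosync_t self:capability fowner;` is the safer choice. While touching the rule, the `# for hearbeat` context line could also be corrected to `# for heartbeat`.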
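Review bot: The new `/var/lib/pacemaker(/.*)?` file context only applies when the tree is labelled, so an existing /var/lib/pacemaker created before this policy is installed keeps its `var_lib_t` label and the `manage_*_pattern(pacemaker_t, pacemaker_var_lib_t, ...)` rules will not cover it; the packaging or commit message should call for `restorecon -R /var/lib/pacemaker` on upgrade, or the daemon needs a `filetrans` rule for the directory it creates. The field separator in pacemaker.fc is normally a tab as on the surrounding lines; the collapsed diff view cannot show whether this line uses one, so please confirm before merging.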
@@ -25,10 +28,11 @@ systemd_unit_file(pacemaker_unit_file_t)
 #
 # pacemaker local policy
 #
-allow pacemaker_t self:capability { chown dac_override setuid };
+
+allow pacemaker_t self:capability { fowner fsetid kill chown dac_override setuid };
 allow pacemaker_t self:process { fork setrlimit signal };
 allow pacemaker_t self:fifo_file rw_fifo_file_perms;
-allow pacemaker_t self:unix_stream_socket create_stream_socket_perms;
+allow pacemaker_t self:unix_stream_socket { connectto create_stream_socket_perms };
 manage_dirs_pattern(pacemaker_t, pacemaker_var_lib_t, pacemaker_var_lib_t)
 manage_files_pattern(pacemaker_t, pacemaker_var_lib_t, pacemaker_var_lib_t)
@@ -38,14 +42,23 @@ manage_dirs_pattern(pacemaker_t, pacemaker_var_run_t, pacemaker_var_run_t)
 manage_files_pattern(pacemaker_t, pacemaker_var_run_t, pacemaker_var_run_t)
 files_pid_filetrans(pacemaker_t, pacemaker_var_run_t, { dir file })
+manage_dirs_pattern(pacemaker_t, pacemaker_tmpfs_t, pacemaker_tmpfs_t)
+manage_files_pattern(pacemaker_t, pacemaker_tmpfs_t, pacemaker_tmpfs_t)
+fs_tmpfs_filetrans(pacemaker_t, pacemaker_tmpfs_t, { dir file })
 domain_use_interactive_fds(pacemaker_t)
+domain_read_all_domains_state(pacemaker_t)
+dev_read_rand(pacemaker_t)
+dev_read_urand(pacemaker_t)
 auth_use_nsswitch(pacemaker_t)
 logging_send_syslog_msg(pacemaker_t)
 optional_policy(`
+	corosync_read_log(pacemaker_t)
 	corosync_stream_connect(pacemaker_t)
+	corosync_rw_tmpfs(pacemaker_t)
 ')
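Review bot: The rewritten `allow pacemaker_t self:capability { fowner fsetid kill chown dac_override setuid };` line adds three capabilities without a comment on what triggered them, and `fsetid` in particular is unusual for a daemon writing its own state: it is usually requested when chown()/chmod() hits a file carrying a setgid bit for a group the process is not in, which often points to a stray mode on the target rather than a genuine need. `kill` on its own only lifts the DAC uid check; SELinux still requires a `process:signal` rule toward the target domain, and this hunk only grants `self:process { fork setrlimit signal }`, so either the signalled children run in pacemaker_t or the rule lives elsewhere, and the commit should say which. I would precede the rule with something like `# fowner/fsetid: chown+chmod of state files under /var/lib/pacemaker; kill: signalling child processes` once the AVCs confirm the paths, and turn any capability that is merely probed into a `dontaudit`. The added `connectto` on the self unix_stream_socket is the expected self-IPC permission and needs no change.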
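Review bot: `domain_read_all_domains_state(pacemaker_t)` is the broadest addition in this hunk: it lets pacemaker_t read the /proc/<pid> state (status, cmdline and the other per-process files the kernel exposes) of every domain on the system, which is more than a cluster manager needs to verify that processes it spawned are still alive. If the requirement is only liveness or getattr on children, a narrower interface such as `domain_getattr_all_domains(pacemaker_t)`, or one scoped to the single domain it actually inspects if such an interface exists, keeps the information-disclosure surface smaller; either way the triggering path should be noted above the call, e.g. `# reads /proc/<pid>/status of resource agents for liveness checks`. `dev_read_rand` next to `dev_read_urand` is harmless but unusual for a daemon; if only /dev/urandom is opened, drop the former. The `corosync_rw_tmpfs` and `corosync_read_log` additions inside the optional block match the shared-memory IPC with corosync and look correct.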