diff --git a/corosync.if b/corosync.if
index 885b25d..33df583 100644
--- a/corosync.if
+++ b/corosync.if
@@ -18,6 +18,24 @@ interface(`corosync_domtrans',`
 	domtrans_pattern($1, corosync_exec_t, corosync_t)
 ')
 
+#######################################
+##
+## Execute a domain transition to run corosync.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`corosync_initrc_domtrans',`
+	gen_require(`
+		type corosync_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, corosync_initrc_exec_t)
+')
+
 ######################################
 ##
 ## Execute corosync in the caller domain.
diff --git a/wdmd.te b/wdmd.te
index f2b3f6c..09b45bb 100644
--- a/wdmd.te
+++ b/wdmd.te
@@ -37,6 +37,11 @@ manage_dirs_pattern(wdmd_t, wdmd_tmpfs_t, wdmd_tmpfs_t)
 manage_files_pattern(wdmd_t, wdmd_tmpfs_t, wdmd_tmpfs_t)
 fs_tmpfs_filetrans(wdmd_t, wdmd_tmpfs_t, { dir file })
 
+kernel_read_system_state(wdmd_t)
+
+corecmd_exec_bin(wdmd_t)
+corecmd_exec_shell(wdmd_t)
+
 dev_read_watchdog(wdmd_t)
 dev_write_watchdog(wdmd_t)
 
@@ -48,3 +53,9 @@ fs_read_anon_inodefs_files(wdmd_t)
 
 auth_use_nsswitch(wdmd_t)
 logging_send_syslog_msg(wdmd_t)
+
+optional_policy(`
+	corosync_initrc_domtrans(wdmd_t)
+	corosync_stream_connect(wdmd_t)
+	corosync_rw_tmpfs(wdmd_t)
+')
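Review bot: The summary on the new `corosync_initrc_domtrans` interface reads "Execute a domain transition to run corosync.", which is the wording of `corosync_domtrans` just above it, but the body calls `init_labeled_script_domtrans($1, corosync_initrc_exec_t)`, so the caller transitions into the init-script domain to run corosync's init script rather than running corosync itself. Following the convention for `*_initrc_domtrans` interfaces elsewhere in refpolicy, the line should read `## Execute corosync server in the initrc domain.` The distinction matters to anyone auditing callers: being able to run the init script means start/stop/restart of the service with the init-script domain's privileges, which is considerably broader than executing the daemon, and the summary should not understate that. The interface also presumes `corosync_initrc_exec_t` is declared in corosync.te (with `init_script_file()` and a matching file context); that is outside this diff and worth confirming before merging.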
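Review bot: `corecmd_exec_bin(wdmd_t)` and `corecmd_exec_shell(wdmd_t)` let the watchdog daemon execute any binary in the system bin directories and any shell, with no comment explaining why, and that is the most privilege-expanding part of this hunk. If the reason is the test scripts wdmd runs (presumably the scripts under /etc/wdmd.d, an inference to confirm against the daemon source), record it above the two rules, e.g. `# wdmd executes its /etc/wdmd.d test scripts, which are shell scripts -- confirm`, and consider whether those scripts could get their own exec type and transition instead of a blanket exec of every binary and shell. `kernel_read_system_state(wdmd_t)` similarly deserves a one-line note on what in /proc the daemon needs to read.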
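Review bot: `corosync_initrc_domtrans(wdmd_t)` in the new `optional_policy` block lets wdmd run corosync's init script in the init-script domain, which means it can start, stop and restart corosync rather than merely query it, and nothing in the hunk records why a watchdog daemon needs that. If the actual requirement is only a status check from a wdmd test script (an inference, please confirm), say so above the block, e.g. `# wdmd test scripts call the corosync init script (status? stop on watchdog expiry?) -- confirm`, so the next reviewer can judge whether the full init-script transition is warranted or a narrower rule would do. Minor style point: refpolicy generally keeps interface calls inside a block in alphabetical order, so `corosync_rw_tmpfs(wdmd_t)` would precede `corosync_stream_connect(wdmd_t)`. The interface this block relies on is added by the same commit, so the `optional_policy` resolves as long as the corosync module is in the build.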