diff --git a/corosync.if b/corosync.if
index 885b25d..33df583 100644
--- a/corosync.if
+++ b/corosync.if
@@ -18,6 +18,24 @@ interface(`corosync_domtrans',`
domtrans_pattern($1, corosync_exec_t, corosync_t)
')
+#######################################
+##
+## Execute a domain transition to run corosync.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`corosync_initrc_domtrans',`
+ gen_require(`
+ type corosync_initrc_exec_t;
+ ')
+
+ init_labeled_script_domtrans($1, corosync_initrc_exec_t)
+')
+
######################################
##
## Execute corosync in the caller domain.
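Review bot: The summary on the new `corosync_initrc_domtrans` header is copied unchanged from `corosync_domtrans`, so it does not say that this interface runs the init script rather than the daemon. The body calls `init_labeled_script_domtrans($1, corosync_initrc_exec_t)`, which puts the caller in the init script domain, not in `corosync_t`. I would change the summary to `## Execute corosync init scripts in the initrc domain.` so that anyone auditing which domains can reach the init script domain is not misled by the header.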
diff --git a/wdmd.te b/wdmd.te
index f2b3f6c..09b45bb 100644
--- a/wdmd.te
+++ b/wdmd.te
@@ -37,6 +37,11 @@ manage_dirs_pattern(wdmd_t, wdmd_tmpfs_t, wdmd_tmpfs_t)
manage_files_pattern(wdmd_t, wdmd_tmpfs_t, wdmd_tmpfs_t)
fs_tmpfs_filetrans(wdmd_t, wdmd_tmpfs_t, { dir file })
+kernel_read_system_state(wdmd_t)
+
+corecmd_exec_bin(wdmd_t)
+corecmd_exec_shell(wdmd_t)
+
dev_read_watchdog(wdmd_t)
dev_write_watchdog(wdmd_t)
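Review bot: `corecmd_exec_bin(wdmd_t)` and `corecmd_exec_shell(wdmd_t)` let the watchdog daemon run a shell and any generically labelled binary without leaving `wdmd_t`, so whatever it spawns keeps the watchdog device access granted on the lines just below. Nothing in the hunk says which helper needs this. I would add a comment naming the consumer, for example `# wdmd runs its check scripts through the shell` if that is the actual reason. Longer term, consider giving those helpers their own file type and a `domtrans_pattern` out of `wdmd_t`, so the exec permission is not domain-wide.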
@@ -48,3 +53,9 @@ fs_read_anon_inodefs_files(wdmd_t)
auth_use_nsswitch(wdmd_t)
logging_send_syslog_msg(wdmd_t)
+
+optional_policy(`
+ corosync_initrc_domtrans(wdmd_t)
+ corosync_stream_connect(wdmd_t)
+ corosync_rw_tmpfs(wdmd_t)
+')