diff --git a/policy-F15.patch b/policy-F15.patch
index daa57e6..96ddb3f 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -39242,7 +39242,7 @@ index 078bcd7..2d60774 100644
+/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
-index 22adaca..2cfaf93 100644
+index 22adaca..d9913e0 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -32,10 +32,10 @@
@@ -39508,7 +39508,40 @@ index 22adaca..2cfaf93 100644
files_search_pids($1)
')
-@@ -695,7 +726,7 @@ interface(`ssh_dontaudit_read_server_keys',`
+@@ -680,6 +711,32 @@ interface(`ssh_domtrans_keygen',`
+ domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
+ ')
+
++#######################################
++##
++## Execute ssh-keygen in the iptables domain, and
++## allow the specified role the ssh-keygen domain.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++##
++##
++## Role allowed access.
++##
++##
++##
++#
++interface(`ssh_run_keygen',`
++ gen_require(`
++ type ssh_keygen_t;
++ ')
++
++ role $2 types ssh_keygen_t;
++ ssh_domtrans_keygen($1)
++')
++
+ ########################################
+ ##
+ ## Read ssh server keys
+@@ -695,7 +752,7 @@ interface(`ssh_dontaudit_read_server_keys',`
type sshd_key_t;
')
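Review bot: The summary comment on the new `ssh_run_keygen` interface says ssh-keygen is executed "in the iptables domain", but the body calls `ssh_domtrans_keygen($1)` and authorises `ssh_keygen_t` for role `$2`, so the wording looks copied from another interface. Interface summaries are what a policy auditor reads to decide which domain transition and role-type association a caller gains, so the line should read `## Execute ssh-keygen in the ssh-keygen domain, and`. The parameter documentation shows here as bare `##` lines, which may only be an artifact of how this page was rendered. If the tags really are missing in the patch, the descriptions for `$1` (domain allowed to transition) and `$2` (role allowed access) need their markup restored so the generated interface documentation stays accurate.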
@@ -39517,7 +39550,7 @@ index 22adaca..2cfaf93 100644
')
######################################
-@@ -735,3 +766,21 @@ interface(`ssh_delete_tmp',`
+@@ -735,3 +792,21 @@ interface(`ssh_delete_tmp',`
files_search_tmp($1)
delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
')