diff --git a/policy/modules/services/vnstatd.fc b/policy/modules/services/vnstatd.fc
new file mode 100644
index 000000000..11533ccc4
--- /dev/null
+++ b/policy/modules/services/vnstatd.fc
@@ -0,0 +1,7 @@
+/usr/bin/vnstat -- gen_context(system_u:object_r:vnstat_exec_t,s0)
+
+/usr/sbin/vnstatd -- gen_context(system_u:object_r:vnstatd_exec_t,s0)
+
+/var/lib/vnstat(/.*)? gen_context(system_u:object_r:vnstatd_var_lib_t,s0)
+
+/var/run/vnstat\.pid gen_context(system_u:object_r:vnstatd_var_run_t,s0)
diff --git a/policy/modules/services/vnstatd.if b/policy/modules/services/vnstatd.if
new file mode 100644
index 000000000..727fe9531
--- /dev/null
+++ b/policy/modules/services/vnstatd.if
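Review bot: The only /var/run entry is `/var/run/vnstat\.pid`, yet vnstatd.te later in this patch calls `files_pid_filetrans(vnstatd_t, vnstatd_var_run_t, { dir file })` and grants `manage_dirs_pattern` on vnstatd_var_run_t, so a directory the daemon might create under /var/run would get a type that no file context declares and would fall back to the generic pid type on relabel. If vnstatd only writes the pid file, narrow that filetrans to `file` and drop the dir pattern; if it does create a directory, add `/var/run/vnstat(/.*)? gen_context(system_u:object_r:vnstatd_var_run_t,s0)` here. The patch does not show which of the two the daemon actually does, so the author should confirm.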
@@ -0,0 +1,143 @@
+## Console network traffic monitor.
+
+########################################
+##
+## Execute a domain transition to run vnstat.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`vnstatd_domtrans_vnstat',`
+ gen_require(`
+ type vnstat_t, vnstat_exec_t;
+ ')
+
+ domtrans_pattern($1, vnstat_exec_t, vnstat_t)
+')
+
+########################################
+##
+## Execute a domain transition to run vnstatd.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`vnstatd_domtrans',`
+ gen_require(`
+ type vnstatd_t, vnstatd_exec_t;
+ ')
+
+ domtrans_pattern($1, vnstatd_exec_t, vnstatd_t)
+')
+
+########################################
+##
+## Search vnstatd lib directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vnstatd_search_lib',`
+ gen_require(`
+ type vnstatd_var_lib_t;
+ ')
+
+ allow $1 vnstatd_var_lib_t:dir search_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+##
+## Manage vnstatd lib dirs.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vnstatd_manage_lib_dirs',`
+ gen_require(`
+ type vnstatd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+')
+
+########################################
+##
+## Read vnstatd lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vnstatd_read_lib_files',`
+ gen_require(`
+ type vnstatd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+')
+
+########################################
+##
+## Create, read, write, and delete
+## vnstatd lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vnstatd_manage_lib_files',`
+ gen_require(`
+ type vnstatd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+')
+
+########################################
+##
+## All of the rules required to administrate
+## an vnstatd environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## Role allowed access.
+##
+##
+##
+#
+interface(`vnstatd_admin',`
+ gen_require(`
+ type vnstatd_t, vnstatd_var_lib_t;
+ ')
+
+ allow $1 vnstatd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, vnstatd_t)
+
+ files_list_var_lib($1)
+ admin_pattern($1, vnstatd_var_lib_t)
+')
diff --git a/policy/modules/services/vnstatd.te b/policy/modules/services/vnstatd.te
new file mode 100644
index 000000000..8121937aa
--- /dev/null
+++ b/policy/modules/services/vnstatd.te
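Review bot: `vnstatd_admin` documents a second parameter (Role allowed access) in its header, but its body never references `$2`, and its gen_require lists only `vnstatd_t, vnstatd_var_lib_t`, so an administrator granted this interface still cannot manage the pid file typed `vnstatd_var_run_t` that vnstatd.te declares. Add `vnstatd_var_run_t` to the require block and append `files_list_pids($1)` and `admin_pattern($1, vnstatd_var_run_t)` after the var_lib rules; either use `$2` for the customary init-script role transition or remove the role parameter from the header so the documented contract matches the body. As a minor point of style, `vnstatd_search_lib` places `files_search_var_lib($1)` after its allow rule while the other lib interfaces place it first.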
@@ -0,0 +1,80 @@
+policy_module(vnstatd, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type vnstat_t;
+type vnstat_exec_t;
+application_domain(vnstat_t, vnstat_exec_t)
+
+type vnstatd_t;
+type vnstatd_exec_t;
+init_daemon_domain(vnstatd_t, vnstatd_exec_t)
+
+type vnstatd_var_lib_t;
+files_type(vnstatd_var_lib_t)
+
+type vnstatd_var_run_t;
+files_pid_file(vnstatd_var_run_t)
+
+########################################
+#
+# vnstatd local policy
+#
+
+allow vnstatd_t self:process signal;
+allow vnstatd_t self:fifo_file rw_fifo_file_perms;
+allow vnstatd_t self:unix_stream_socket create_stream_socket_perms;
+
+manage_dirs_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
+manage_files_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
+files_var_lib_filetrans(vnstatd_t, vnstatd_var_lib_t, { dir file })
+
+manage_files_pattern(vnstatd_t, vnstatd_var_run_t, vnstatd_var_run_t)
+manage_dirs_pattern(vnstatd_t, vnstatd_var_run_t, vnstatd_var_run_t)
+files_pid_filetrans(vnstatd_t, vnstatd_var_run_t, { dir file })
+
+kernel_read_network_state(vnstatd_t)
+kernel_read_system_state(vnstatd_t)
+
+domain_use_interactive_fds(vnstatd_t)
+
+files_read_etc_files(vnstatd_t)
+
+fs_getattr_xattr_fs(vnstatd_t)
+
+logging_send_syslog_msg(vnstatd_t)
+
+miscfiles_read_localization(vnstatd_t)
+
+optional_policy(`
+ cron_system_entry(vnstat_t, vnstat_exec_t)
+')
+
+########################################
+#
+# vnstat local policy
+#
+
+allow vnstat_t self:process signal;
+allow vnstat_t self:fifo_file rw_fifo_file_perms;
+allow vnstat_t self:unix_stream_socket create_stream_socket_perms;
+
+manage_dirs_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
+manage_files_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
+files_var_lib_filetrans(vnstat_t, vnstatd_var_lib_t, { dir file })
+
+kernel_read_network_state(vnstat_t)
+kernel_read_system_state(vnstat_t)
+
+domain_use_interactive_fds(vnstat_t)
+
+files_read_etc_files(vnstat_t)
+
+fs_getattr_xattr_fs(vnstat_t)
+
+logging_send_syslog_msg(vnstat_t)
+
+miscfiles_read_localization(vnstat_t)
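Review bot: `files_var_lib_filetrans(vnstatd_t, vnstatd_var_lib_t, { dir file })` and the identical call for vnstat_t let both domains create files directly in /var/lib that come out labeled vnstatd_var_lib_t, although vnstatd.fc only labels `/var/lib/vnstat(/.*)?`; unless either program is known to write at the top level of /var/lib, narrow both calls to `dir` so only the vnstat directory itself receives the transition. The `optional_policy` block holding `cron_system_entry(vnstat_t, vnstat_exec_t)` sits under the "vnstatd local policy" heading although it concerns vnstat_t; moving it to the end of the vnstat section keeps the cron entry point with the domain it applies to. The client domain vnstat_t also receives the same full manage rights on the lib data as the daemon, which looks wider than a reporting tool needs, but the patch does not show whether the client updates the database, so I would ask the author to confirm rather than change it here.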