diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 285cc6652..9b6cea9ac 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1316,6 +1316,9 @@ userdom_user_runtime_filetrans(systemd_user_session_type, systemd_user_runtime_t
 allow systemd_user_session_type systemd_user_runtime_notify_t:sock_file create;
 type_transition systemd_user_session_type systemd_user_runtime_t:sock_file systemd_user_runtime_notify_t "notify";
+# Run generators in /usr/lib/systemd/user-environment-generators with no domain transition
+can_exec(systemd_user_session_type, systemd_generator_exec_t)
+
 dev_write_sysfs_dirs(systemd_user_session_type)
 dev_read_sysfs(systemd_user_session_type)
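Review bot: The comment above the added `can_exec(systemd_user_session_type, systemd_generator_exec_t)` names a single directory, but the rule is granted by type and by attribute. Every file labelled `systemd_generator_exec_t` becomes executable, without a transition, by every domain that carries `systemd_user_session_type`. Which paths carry that label is decided in the file-contexts file, which this hunk does not show, so it is worth confirming whether the system generator directories share the type. The comment should state the actual scope and why staying in the session domain is intended, for example `# Any file labelled systemd_generator_exec_t runs in the calling user session domain (no transition),` followed by `# so user environment generators get no permissions beyond those of the session itself.`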