diff --git a/Changelog b/Changelog
index 0de73bcaa..acffe2a2c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add syslog capability.
 - Support for logging in to /dev/console, from Harry Ciao.
 - Database object class updates and associated SEPostgreSQL changes from KaiGai Kohei.
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index ae29de3a4..0ef9b1266 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -428,6 +428,7 @@ class capability2
 {
 mac_override # unused by SELinux
 mac_admin # unused by SELinux
+ syslog
 }
 #
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index d7468b370..069d36c77 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -442,6 +442,7 @@ interface(`kernel_read_ring_buffer',`
 type kernel_t;
 ')
+ allow $1 self:capability2 syslog;
 allow $1 kernel_t:system syslog_read;
 ')
@@ -479,7 +480,16 @@ interface(`kernel_change_ring_buffer_level',`
 type kernel_t;
 ')
+ allow $1 self:capability2 syslog;
 allow $1 kernel_t:system syslog_console;
+
+ ifdef(`distro_rhel4',`
+ allow $1 self:capability2 sys_admin;
+ ')
+
+ ifdef(`distro_rhel5',`
+ allow $1 self:capability2 sys_admin;
+ ')
 ')
 ########################################
@@ -498,7 +508,16 @@ interface(`kernel_clear_ring_buffer',`
 type kernel_t;
 ')
+ allow $1 self:capability2 syslog;
 allow $1 kernel_t:system syslog_mod;
+
+ ifdef(`distro_rhel4',`
+ allow $1 self:capability2 sys_admin;
+ ')
+
+ ifdef(`distro_rhel5',`
+ allow $1 self:capability2 sys_admin;
+ ')
 ')
 ########################################
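Review bot: The `allow $1 self:capability2 syslog;` line added to kernel_read_ring_buffer has no comment saying why a read-only interface now confers a capability on every caller, and unlike the two later kernel.if hunks it carries no `distro_rhel4`/`distro_rhel5` branch. If that asymmetry is intentional (presumably because older kernels did not require a capability for the operations covered by `syslog_read`), a comment above the rule such as `# CAP_SYSLOG: required by kernels that gate ring buffer reads on it` would keep a later least-privilege audit from treating it as an oversight. The interface body starts outside the hunk, so its header documentation could not be checked.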
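Review bot: The `distro_rhel4` and `distro_rhel5` branches added to kernel_change_ring_buffer_level grant `sys_admin` in class `capability2`, but the access_vectors hunk of this same commit shows `capability2` holding only `mac_override`, `mac_admin` and the new `syslog`. The rule therefore names a permission that class does not define and would likely fail to compile when either distro macro is set; both lines should read `allow $1 self:capability sys_admin;`. The two identical branches in the kernel_clear_ring_buffer hunk need the same change. Because `sys_admin` is a very broad capability, a comment inside each branch such as `# kernels without CAP_SYSLOG check CAP_SYS_ADMIN here` (presumably the reason for the fallback) would document why it is granted and why it stays confined to the distro conditionals.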