diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 0fc5951e9..e5049e1fd 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -426,6 +426,10 @@ files_read_etc_files(nsswitch_domain)
sysnet_dns_name_resolve(nsswitch_domain)
+ifdef(`init_systemd', `
+ systemd_stream_connect_userdb(nsswitch_domain)
+')
+
tunable_policy(`authlogin_nsswitch_use_ldap',`
miscfiles_read_generic_certs(nsswitch_domain)
sysnet_use_ldap(nsswitch_domain)
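Review bot: The added `systemd_stream_connect_userdb(nsswitch_domain)` call is unconditional under `init_systemd`, so every domain carrying the `nsswitch_domain` attribute gains `connectto` on init's stream sockets, whereas the LDAP access directly below is gated by the `authlogin_nsswitch_use_ldap` tunable. If that breadth is intended (presumably for the nss-systemd lookup path), a comment above the call should record the reason, e.g. `# nss-systemd resolves users and groups through the userdb sockets served by init`. Otherwise consider gating it behind a tunable in the same style as the LDAP block. The attribute's membership is not visible in this hunk, so the set of affected domains should be checked where the attribute is assigned.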
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 66482eb35..3a60ebd42 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -923,6 +923,25 @@ interface(`init_stream_connect',`
allow $1 init_t:unix_stream_socket getattr;
')
+########################################
+##
+## Connect to init with a unix socket.
+## Without any additional permissions.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`init_unix_stream_socket_connectto',`
+ gen_require(`
+ type init_t;
+ ')
+
+ allow $1 init_t:unix_stream_socket connectto;
+')
+
########################################
##
## Inherit and use file descriptors from init.
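Review bot: The description of `init_unix_stream_socket_connectto` does not say that `allow $1 init_t:unix_stream_socket connectto;` is keyed on the peer label only, so it applies to every stream socket owned by init_t and any restriction to one socket has to come from the caller's sock_file rules. I would extend the description to state that, for example `## Grants only connectto on init_t stream sockets; callers must add their own directory search and sock_file write rules for the specific socket.` The existing "Without any additional permissions." is a sentence fragment and could be folded into that line. The preceding `init_stream_connect` interface starts outside the hunk, so how the two differ is only partly visible here.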
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 895437e78..c8f33d51d 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -462,6 +462,27 @@ interface(`systemd_manage_userdb_runtime_sock_files', `
manage_sock_files_pattern($1, systemd_userdb_runtime_t, systemd_userdb_runtime_t)
')
+########################################
+##
+## Connect to /run/systemd/userdb/io.systemd.DynamicUser .
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`systemd_stream_connect_userdb', `
+ gen_require(`
+ type systemd_userdb_runtime_t;
+ ')
+
+ init_search_runtime($1)
+ allow $1 systemd_userdb_runtime_t:dir list_dir_perms;
+ allow $1 systemd_userdb_runtime_t:sock_file write_sock_file_perms;
+ init_unix_stream_socket_connectto($1)
+')
+
########################################
##
## Allow reading /run/systemd/machines
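Review bot: The summary names a single socket, `/run/systemd/userdb/io.systemd.DynamicUser`, but the rules grant `write_sock_file_perms` on every sock_file labeled `systemd_userdb_runtime_t` and `list_dir_perms` (not only search) on the directory. The summary should describe what is actually granted, e.g. `## Connect to the userdb sockets in /run/systemd/userdb/ that are served by init.` A short comment on the `list_dir_perms` line saying why listing is required (presumably clients enumerate the directory to discover services) would let a reviewer judge whether `search_dir_perms` would be enough. Because `init_unix_stream_socket_connectto($1)` only covers peers labeled init_t, the description should also make clear that userdb sockets served by any other domain are not reachable through this interface.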