diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 0fc746484..22d1ebaf5 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -423,6 +423,10 @@ optional_policy(`
 	rpc_tcp_rw_nfs_sockets(kernel_t)
 	rpc_udp_rw_nfs_sockets(kernel_t)
 
+	optional_policy(`
+		gssproxy_stream_connect(kernel_t)
+	')
+
 	tunable_policy(`nfs_export_all_ro',`
 		fs_getattr_noxattr_fs(kernel_t)
 		fs_list_noxattr_fs(kernel_t)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 93c9ee5f1..d25dd34bb 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -454,6 +454,10 @@ optional_policy(`
 	gpsd_admin(sysadm_t, sysadm_r)
 ')
 
+optional_policy(`
+	gssproxy_admin(sysadm_t)
+')
+
 optional_policy(`
 	hadoop_role(sysadm_r, sysadm_t)
 ')
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index efb31d0ae..49eff3a65 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -663,6 +663,10 @@ template(`userdom_common_user_template',`
 		dpkg_read_db($1_t)
 	')
 
+	optional_policy(`
+		gssproxy_stream_connect($1_t)
+	')
+
 	optional_policy(`
 		hwloc_exec_dhwd($1_t)
 		hwloc_read_runtime_files($1_t)