diff --git a/policy/modules/services/corosync.fc b/policy/modules/services/corosync.fc
index 1c4787d7f..d083af511 100644
--- a/policy/modules/services/corosync.fc
+++ b/policy/modules/services/corosync.fc
@@ -2,9 +2,11 @@
 /usr/bin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
 /usr/bin/corosync-notifyd -- gen_context(system_u:object_r:corosync_exec_t,s0)
+/usr/bin/corosync-cmapctl -- gen_context(system_u:object_r:corosync_exec_t,s0)
 /usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
 /usr/sbin/corosync-notifyd -- gen_context(system_u:object_r:corosync_exec_t,s0)
+/usr/sbin/corosync-cmapctl -- gen_context(system_u:object_r:corosync_exec_t,s0)
 ifdef(`distro_redhat',`
 /usr/share/corosync/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
diff --git a/policy/modules/services/corosync.if b/policy/modules/services/corosync.if
index ee54bc9a1..cbac307b3 100644
--- a/policy/modules/services/corosync.if
+++ b/policy/modules/services/corosync.if
@@ -135,6 +135,24 @@ interface(`corosync_rw_tmpfs',`
 rw_files_pattern($1, corosync_tmpfs_t, corosync_tmpfs_t)
 ')
+########################################
+##
+## Read process state of corosync.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corosync_read_state',`
+ gen_require(`
+ type corosync_t;
+ ')
+
+ ps_process_pattern($1, corosync_t)
+')
+
 ######################################
 ##
 ## All of the rules required to
diff --git a/policy/modules/services/pacemaker.fc b/policy/modules/services/pacemaker.fc
index dc7fbb8d6..bf86e8d86 100644
--- a/policy/modules/services/pacemaker.fc
+++ b/policy/modules/services/pacemaker.fc
@@ -10,3 +10,6 @@
 /run/crm(/.*)? gen_context(system_u:object_r:pacemaker_runtime_t,s0)
 /run/resource-agents(/.*)? gen_context(system_u:object_r:pacemaker_runtime_t,s0)
+
+/usr/lib/pcs/pcs_snmp_agent -- gen_context(system_u:object_r:pcs_snmp_agent_exec_t,s0)
+
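Review bot: Labelling corosync-cmapctl with corosync_exec_t means every caller that has corosync_domtrans — including the new pcs_snmp_agent_t in pacemaker.te of this same change — runs the CMAP client inside the full corosync_t daemon domain. If the tool only needs IPC to the already-running daemon, a separate entrypoint type for it (or leaving it at the default bin label and granting a stream connect to corosync_t) would keep the daemon's privileges out of the caller's reach. If it genuinely has to run as corosync_t, a `#` comment above the two new lines stating why would save the next reviewer the same question.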
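Review bot: The pacemaker.fc hunk leaves a trailing blank line at end of file (the final `+` line), which refpolicy file-context files do not normally carry; keep only the blank line that separates the new entry from the /run entries above it. The entry itself is consistent with the pcs_snmp_agent_exec_t type declared in pacemaker.te.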
diff --git a/policy/modules/services/pacemaker.te b/policy/modules/services/pacemaker.te
index a34f55362..958348e30 100644
--- a/policy/modules/services/pacemaker.te
+++ b/policy/modules/services/pacemaker.te
@@ -37,9 +37,16 @@ files_tmpfs_file(pacemaker_tmpfs_t)
 type pacemaker_var_lib_t;
 files_type(pacemaker_var_lib_t)
+type pcs_snmp_agent_t;
+type pcs_snmp_agent_exec_t;
+init_daemon_domain(pcs_snmp_agent_t, pcs_snmp_agent_exec_t)
+
+type pcs_snmp_agent_log_t;
+logging_log_file(pcs_snmp_agent_log_t)
+
 ########################################
 #
-# Local policy
+# Pacemaker policy
 #
 allow pacemaker_t self:capability { chown dac_override fowner fsetid kill net_raw setgid setuid };
@@ -136,3 +143,66 @@ optional_policy(`
 optional_policy(`
 sysnet_domtrans_ifconfig(pacemaker_t)
 ')
+
+########################################
+#
+# pcs_snmp_agent policy
+#
+
+allow pcs_snmp_agent_t self:capability { dac_override sys_resource };
+allow pcs_snmp_agent_t self:fifo_file { rw_inherited_fifo_file_perms };
+allow pcs_snmp_agent_t self:process { execmem setsched getsched setrlimit };
+allow pcs_snmp_agent_t self:unix_stream_socket { create_socket_perms };
+
+create_files_pattern(pcs_snmp_agent_t, pcs_snmp_agent_log_t, pcs_snmp_agent_log_t)
+append_files_pattern(pcs_snmp_agent_t, pcs_snmp_agent_log_t, pcs_snmp_agent_log_t)
+logging_log_filetrans(pcs_snmp_agent_t, pcs_snmp_agent_log_t, file)
+
+read_files_pattern(pcs_snmp_agent_t, pacemaker_t, pacemaker_t)
+stream_connect_pattern(pcs_snmp_agent_t, pacemaker_t, pacemaker_t, pacemaker_t)
+allow pcs_snmp_agent_t pacemaker_tmpfs_t:file mmap_rw_file_perms;
+
+corecmd_exec_bin(pcs_snmp_agent_t)
+
+files_read_usr_files(pcs_snmp_agent_t)
+
+fs_list_cgroup_dirs(pcs_snmp_agent_t)
+fs_read_cgroup_files(pcs_snmp_agent_t)
+
+kernel_read_kernel_sysctls(pcs_snmp_agent_t)
+kernel_read_system_state(pcs_snmp_agent_t)
+kernel_read_crypto_sysctls(pcs_snmp_agent_t)
+
+init_search_runtime(pcs_snmp_agent_t)
+init_read_state(pcs_snmp_agent_t)
+init_unix_stream_socket_connectto(pcs_snmp_agent_t)
+
+auth_use_nsswitch(pcs_snmp_agent_t)
+
+miscfiles_read_localization(pcs_snmp_agent_t)
+miscfiles_read_generic_certs(pcs_snmp_agent_t)
+
+ifdef(`init_systemd',`
+ init_get_generic_units_status(pcs_snmp_agent_t)
+ init_get_system_status(pcs_snmp_agent_t)
+ init_list_unit_dirs(pcs_snmp_agent_t)
+ init_service_status(pcs_snmp_agent_t)
+')
+
+optional_policy(`
+ corosync_domtrans(pcs_snmp_agent_t)
+ corosync_read_state(pcs_snmp_agent_t)
+')
+
+optional_policy(`
+ hostname_domtrans(pcs_snmp_agent_t)
+')
+
+optional_policy(`
+ snmp_stream_connect(pcs_snmp_agent_t)
+')
+
+optional_policy(`
+ systemd_read_journal_files(pcs_snmp_agent_t)
+')
+
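Review bot: `stream_connect_pattern(pcs_snmp_agent_t, pacemaker_t, pacemaker_t, pacemaker_t)` passes the pacemaker domain as the directory and sock_file types, but those two arguments name the filesystem objects on the path to the socket, and this same change labels /run/crm as pacemaker_runtime_t in pacemaker.fc; the likely intent is `stream_connect_pattern(pcs_snmp_agent_t, pacemaker_runtime_t, pacemaker_runtime_t, pacemaker_t)`, or, if the IPC goes over abstract sockets only, just `allow pcs_snmp_agent_t pacemaker_t:unix_stream_socket connectto;`. The `execmem` process permission and the `dac_override` capability in the self rules widen this domain noticeably; a one-line comment naming what needs each of them (and `dac_read_search` instead of `dac_override` if only reading root-owned paths is at issue) would let a later maintainer verify they are still required. `logging_log_filetrans(pcs_snmp_agent_t, pcs_snmp_agent_log_t, file)` carries no name argument, so every file the agent creates in the log directory becomes pcs_snmp_agent_log_t; passing the log file name, e.g. `logging_log_filetrans(pcs_snmp_agent_t, pcs_snmp_agent_log_t, file, "<pcs-snmp-agent log file name>")`, keeps the transition scoped to that file.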