diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 99886239d..8772ddf02 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1020,7 +1020,7 @@ allow systemd_passwd_agent_t self:capability { chown sys_tty_config dac_override
 allow systemd_passwd_agent_t self:process { setfscreate setsockcreate signal };
 allow systemd_passwd_agent_t self:unix_dgram_socket create_socket_perms;
 
-allow systemd_passwd_agent_t systemd_passwd_var_run_t:dir watch;
+allow systemd_passwd_agent_t systemd_passwd_var_run_t:{ dir file } watch;
 manage_dirs_pattern(systemd_passwd_agent_t, systemd_passwd_runtime_t, systemd_passwd_runtime_t)
 manage_files_pattern(systemd_passwd_agent_t, systemd_passwd_runtime_t, systemd_passwd_runtime_t)
 manage_sock_files_pattern(systemd_passwd_agent_t, systemd_passwd_runtime_t, systemd_passwd_runtime_t)