diff --git a/Changelog b/Changelog
index 6a80952e5..0cc52d0c0 100644
--- a/Changelog
+++ b/Changelog
@@ -29,6 +29,7 @@
pingd (Dan Walsh)
psad (Dan Walsh)
portreserve (Dan Walsh)
+ sssd (Dan Walsh)
ulogd (Dan Walsh)
webadm (Dan Walsh)
xguest (Dan Walsh)
diff --git a/policy/modules/services/sssd.fc b/policy/modules/services/sssd.fc
new file mode 100644
index 000000000..f2b7dbfe7
--- /dev/null
+++ b/policy/modules/services/sssd.fc
@@ -0,0 +1,6 @@
+/etc/rc.d/init.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
+
+/usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0)
+
+/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
+/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if
new file mode 100644
index 000000000..62d8b99d1
--- /dev/null
+++ b/policy/modules/services/sssd.if
@@ -0,0 +1,200 @@
+## System Security Services Daemon
+
+########################################
+##
+## Execute a domain transition to run sssd.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`sssd_domtrans',`
+ gen_require(`
+ type sssd_t, sssd_exec_t;
+ ')
+
+ domtrans_pattern($1, sssd_exec_t, sssd_t)
+')
+
+########################################
+##
+## Read sssd PID files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_read_pid_files',`
+ gen_require(`
+ type sssd_var_run_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 sssd_var_run_t:file read_file_perms;
+')
+
+########################################
+##
+## Manage sssd var_run files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_manage_pids',`
+ gen_require(`
+ type sssd_var_run_t;
+ ')
+
+ manage_dirs_pattern($1, sssd_var_run_t, sssd_var_run_t)
+ manage_files_pattern($1, sssd_var_run_t, sssd_var_run_t)
+')
+
+########################################
+##
+## Search sssd lib directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_search_lib',`
+ gen_require(`
+ type sssd_var_lib_t;
+ ')
+
+ allow $1 sssd_var_lib_t:dir search_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+##
+## Read sssd lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_read_lib_files',`
+ gen_require(`
+ type sssd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
+')
+
+########################################
+##
+## Create, read, write, and delete
+## sssd lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_manage_lib_files',`
+ gen_require(`
+ type sssd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
+')
+
+########################################
+##
+## Send and receive messages from
+## sssd over dbus.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_dbus_chat',`
+ gen_require(`
+ type sssd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 sssd_t:dbus send_msg;
+ allow sssd_t $1:dbus send_msg;
+')
+
+########################################
+##
+## Connect to sssd over an unix stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sssd_stream_connect',`
+ gen_require(`
+ type sssd_t, sssd_var_lib_t;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, sssd_var_lib_t, sssd_var_lib_t, sssd_t)
+')
+
+########################################
+##
+## All of the rules required to administrate
+## an sssd environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the sssd domain.
+##
+##
+##
+##
+## The type of the user terminal.
+##
+##
+##
+#
+interface(`sssd_admin',`
+ gen_require(`
+ type sssd_t;
+ ')
+
+ allow $1 sssd_t:process { ptrace signal_perms getattr };
+ read_files_pattern($1, sssd_t, sssd_t)
+
+ gen_require(`
+ type sssd_initrc_exec_t;
+ ')
+
+ # Allow sssd_t to restart the apache service
+ sssd_initrc_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 sssd_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ sssd_manage_pids($1)
+
+ sssd_manage_lib_files($1)
+')
diff --git a/policy/modules/services/sssd.te b/policy/modules/services/sssd.te
new file mode 100644
index 000000000..59777c9a6
--- /dev/null
+++ b/policy/modules/services/sssd.te
@@ -0,0 +1,64 @@
+
+policy_module(sssd, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type sssd_t;
+type sssd_exec_t;
+init_daemon_domain(sssd_t, sssd_exec_t)
+
+type sssd_initrc_exec_t;
+init_script_file(sssd_initrc_exec_t)
+
+type sssd_var_lib_t;
+files_type(sssd_var_lib_t)
+
+type sssd_var_run_t;
+files_pid_file(sssd_var_run_t)
+
+########################################
+#
+# sssd local policy
+#
+allow sssd_t self:capability { sys_nice setuid };
+allow sssd_t self:process { setsched signal getsched };
+allow sssd_t self:fifo_file rw_file_perms;
+allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+manage_dirs_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
+manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
+manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
+files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } )
+
+manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
+manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
+files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
+
+kernel_read_system_state(sssd_t)
+
+corecmd_exec_bin(sssd_t)
+
+dev_read_urand(sssd_t)
+
+files_list_tmp(sssd_t)
+files_read_etc_files(sssd_t)
+files_read_usr_files(sssd_t)
+
+auth_use_nsswitch(sssd_t)
+auth_domtrans_chk_passwd(sssd_t)
+auth_domtrans_upd_passwd(sssd_t)
+
+init_read_utmp(sssd_t)
+
+logging_send_syslog_msg(sssd_t)
+logging_send_audit_msgs(sssd_t)
+
+miscfiles_read_localization(sssd_t)
+
+optional_policy(`
+ dbus_system_bus_client(sssd_t)
+ dbus_connect_system_bus(sssd_t)
+')