diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te
index bbc3527e1..682fdb5fb 100644
--- a/policy/modules/roles/auditadm.te
+++ b/policy/modules/roles/auditadm.te
@@ -56,7 +56,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	sysadm_role_change(auditadm_r)
+	sysadm_role_change(auditadm_r, auditadm_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index 098c9cb08..a73b89d06 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@@ -68,7 +68,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	sysadm_role_change(secadm_r)
+	sysadm_role_change(secadm_r, secadm_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 09397a338..63e1268b8 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,7 +52,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	sysadm_role_change(staff_r)
+	sysadm_role_change(staff_r, staff_t)
 	userdom_dontaudit_use_user_terminals(staff_t)
 ')
 
diff --git a/policy/modules/roles/sysadm.if b/policy/modules/roles/sysadm.if
index ff9243078..3d931bb12 100644
--- a/policy/modules/roles/sysadm.if
+++ b/policy/modules/roles/sysadm.if
@@ -9,14 +9,24 @@
 ## Role allowed access.
 ##
 ##
+##
+##
+## Domain allowed access.
+##
+##
 ##
 #
 interface(`sysadm_role_change',`
 	gen_require(`
+		type sysadm_t;
 		role sysadm_r;
 	')
 
 	allow $1 sysadm_r;
+
+	tunable_policy(`sysadm_allow_rw_inherited_fifo', `
+		allow sysadm_t $2:fifo_file rw_inherited_fifo_file_perms;
+	')
 ')
 
 ########################################
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 0630db47e..29159f89d 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -12,6 +12,14 @@ policy_module(sysadm, 2.15.3)
 ##
 gen_tunable(allow_ptrace, false)
 
+##
+##
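Review bot: The `tunable_policy` block added to `sysadm_role_change` expands `$2` unconditionally, so any caller of this interface that still passes a single argument (this diff updates only auditadm, secadm and staff) would likely produce a malformed `allow sysadm_t :fifo_file ...` rule inside the tunable and break the policy build; confirm with a tree-wide search that no other one-argument call sites remain, and state the new required argument in the interface's summary, which lies above this hunk. The second parameter's description, `Domain allowed access.`, does not tell a caller what to pass or what it enables; something like `Domain of the role-changing user; when sysadm_allow_rw_inherited_fifo is enabled, sysadm_t may read and write FIFOs inherited from this domain.` names the actual effect. The new rule is one-directional (sysadm_t acting on the caller domain's inherited FIFOs, not the reverse), which is worth saying explicitly in the tunable description in sysadm.te as well, since that hunk continues past the end of this excerpt.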

+## Allow sysadm to read/write to fifo files inherited from
+## a domain allowed to change role.
+##

+##
+gen_tunable(sysadm_allow_rw_inherited_fifo, false)
+
 #role sysadm_r;
 userdom_admin_user_template(sysadm)