diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index ba98628b3..17b35b45a 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -125,8 +125,12 @@ template(`xserver_restricted_role',`
 # Client write xserver shm
 tunable_policy(`allow_write_xshm',`
 allow $2 xserver_t:shm rw_shm_perms;
+ ')
+
+ tunable_policy(`allow_write_xserver_tmpfs',`
 allow $2 xserver_tmpfs_t:file rw_file_perms;
 ')
+
 tunable_policy(`xserver_allow_dri',`
 dev_rw_dri($2)
 ')
@@ -482,6 +486,9 @@ template(`xserver_user_x_domain_template',`
 # Client write xserver shm
 tunable_policy(`allow_write_xshm',`
 allow $2 xserver_t:shm rw_shm_perms;
+ ')
+
+ tunable_policy(`allow_write_xserver_tmpfs',`
 allow $2 xserver_tmpfs_t:file rw_file_perms;
 ')
 ')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 8a3c658a8..59abe7347 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -33,6 +33,14 @@ gen_require(`
 ##
 gen_tunable(allow_write_xshm, false)
 
+##
+##
+## Allows clients to write to the X server tmpfs
+## files.
+##
+##
+gen_tunable(allow_write_xserver_tmpfs, false)
+
 ##
 ##
 ## Allow xdm logins as sysadm
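Review bot: Moving `allow $2 xserver_tmpfs_t:file rw_file_perms;` out of the allow_write_xshm block narrows what that existing boolean grants without saying so anywhere in the interface file; the same split is made in the xserver_user_x_domain_template hunk. Hosts that already enabled allow_write_xshm will start getting denials on xserver_tmpfs_t files after the update, because the new boolean defaults to false in xserver.te. The change is in the safer direction, but the retained comment `# Client write xserver shm` now describes only the first rule. I would add a comment above the new block in both templates, for example `# Client rw xserver tmpfs files (formerly granted by allow_write_xshm)`, so operators know to review the new boolean instead of re-enabling both by reflex. Both template bodies start before and continue past the hunks shown.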
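Review bot: The description added for allow_write_xserver_tmpfs in xserver.te says clients may write, but the rule it gates in xserver.if is `rw_file_perms`, so enabling it grants read as well as write on xserver_tmpfs_t files. I would reword the text to `## Allows clients to read and write the X server tmpfs files.` and add one sentence saying the access applies to every domain built from xserver_restricted_role and xserver_user_x_domain_template. These files are presumably the server's shared-memory backing files (the interface comment groups them under "xserver shm"), which is worth stating if confirmed, since one client could then alter data that the server and other clients rely on. As a style point, the neighbouring tunable in the first hunk is named xserver_allow_dri with a module prefix, while the new name follows the older unprefixed pattern of allow_write_xshm.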
+## Allows clients to write to the X server tmpfs +## files. +##
## Allow xdm logins as sysadm