diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
index 1ead55d05..ca6cd03ed 100644
--- a/policy/modules/services/consolekit.te
+++ b/policy/modules/services/consolekit.te
@@ -1,5 +1,5 @@
-policy_module(consolekit, 1.5.0)
+policy_module(consolekit, 1.5.1)
 
 ########################################
 #
@@ -108,6 +108,7 @@ optional_policy(`
 optional_policy(`
 xserver_read_xdm_pid(consolekit_t)
 xserver_read_user_xauth(consolekit_t)
+ xserver_non_drawing_client(consolekit_t)
 corenet_tcp_connect_xserver_port(consolekit_t)
 ')
 
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index e34a892e7..8633a6a8a 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -232,6 +232,37 @@ interface(`xserver_rw_session',`
 allow $1 xserver_tmpfs_t:file rw_file_perms;
 ')
 
+#######################################
+## <summary>
+## Create non-drawing client sessions on an X server.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_non_drawing_client',`
+ gen_require(`
+ class x_drawable { getattr get_property };
+ class x_extension { query use };
+ class x_gc { create setattr };
+ class x_property read;
+
+ type xserver_t, xdm_var_run_t;
+ type xextension_t, xproperty_t, root_xdrawable_t;
+ ')
+
+ allow $1 self:x_gc { create setattr };
+
+ allow $1 xdm_var_run_t:dir search;
+ allow $1 xserver_t:unix_stream_socket connectto;
+
+ allow $1 xextension_t:x_extension { query use };
+ allow $1 root_xdrawable_t:x_drawable { getattr get_property };
+ allow $1 xproperty_t:x_property read;
+')
+
 #######################################
 ## <summary>
 ## Create full client sessions
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 89ba2dd23..bf0f13102 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
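Review bot: The added `xserver_non_drawing_client(consolekit_t)` line grants consolekit_t a unix_stream_socket connectto on xserver_t, so together with `corenet_tcp_connect_xserver_port(consolekit_t)` on the line below the domain now has two independent paths to the display server. If the unix socket is the path consolekit actually uses for local sessions, the TCP connect may no longer be needed; worth confirming rather than keeping both, since each is a separate avenue to the X server. The outer optional_policy block that encloses this hunk begins outside it.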
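Review bot: `allow $1 xserver_t:unix_stream_socket connectto;` in the new xserver_non_drawing_client interface covers the server's socket object but not the filesystem path a client traverses to reach it (the socket directory and the sock_file), so a domain given only this interface may still be denied at the path unless it already holds that access from elsewhere; if this file has an xserver_stream_connect() interface that bundles those rules, calling it here instead of the raw allow keeps the socket access in one place. The summary could also state what a caller gains so policy authors can judge the grant, e.g. `##	Create non-drawing client sessions on an X server: connect to the server socket, query and use X extensions, and read properties on the root window.`. The interface is complete within the hunk.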
@@ -1,5 +1,5 @@
-policy_module(xserver, 3.3.1)
+policy_module(xserver, 3.3.2)
 
 gen_require(`
 class x_drawable all_x_drawable_perms;