diff --git a/Changelog b/Changelog
index 38bf94771..183a98d3d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- 64-bit capabilities from Stephen Smalley.
 - Labeled networking peer object class updates.
 * Fri Dec 14 2007 Chris PeBenito - 20071214
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 45d9773db..736b7b5f7 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -347,6 +347,7 @@ class system
 class capability
 {
 # The capabilities are defined in include/linux/capability.h
+ # Capabilities >= 32 are defined in the capability2 class.
 # Care should be taken to ensure that these are consistent with
 # those definitions. (Order matters)
@@ -384,6 +385,11 @@ class capability
 setfcap
 }
+class capability2
+{
+ mac_override # unused by SELinux
+ mac_admin # unused by SELinux
+}
 #
 # Define the access vector interpretation for controlling
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 121fcbc20..68c437455 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -109,4 +109,7 @@ class db_blob # userspace
 # network peer labels
 class peer
+# Capabilities >= 32
+class capability2
+
 # FLASK
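Review bot: The new `capability2` block in policy/flask/access_vectors has no ordering comment of its own, although it presumably carries the same constraint that `class capability` documents with "(Order matters)": each permission's position has to line up with the kernel capability number, offset by 32. I would add a first line inside the class such as `# Capabilities 32 and up, in the order of include/linux/capability.h. (Order matters)` so that later additions are appended rather than inserted. The `# unused by SELinux` tags also read as if these permissions are never checked; if the kernel's capability hook maps capabilities 32 and above onto this class, a domain that triggers either check would be denied until policy allows it, so the wording is worth confirming and tightening. No allow rules or interfaces for the class are visible in this diff.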
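Review bot: The comment `# Capabilities >= 32` above `class capability2` in policy/flask/security_classes does not say that the entry's position is significant. Assuming class values are assigned by position in this file, the class has to stay directly after `peer` to agree with the kernel's own class numbering, and a policy built from this file would need a kernel that knows the class. I would extend the comment to `# Capabilities >= 32 (kernel class; keep position in sync with the kernel's class list)`; leaving off the `# userspace` tag is consistent with that. The file may continue past the `# FLASK` context line, outside the hunk.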