diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index d665498e4..c36d5448a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -551,6 +551,7 @@ ifdef(`init_systemd',`
 optional_policy(`
 systemd_dbus_chat_logind(init_t)
+ systemd_create_logind_linger_dir(init_t)
 systemd_search_all_user_keys(init_t)
 systemd_create_all_user_keys(init_t)
 systemd_write_all_user_keys(init_t)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index f48cc5413..2370c729b 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -2031,6 +2031,27 @@ interface(`systemd_read_logind_state',`
 allow systemd_logind_t $1:file read_file_perms;
 ')
+########################################
+##
+## Allow the specified domain to create
+## the systemd-logind linger directory with
+## the correct context.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`systemd_create_logind_linger_dir',`
+ gen_require(`
+ type systemd_logind_var_lib_t;
+ ')
+
+ init_var_lib_filetrans($1, systemd_logind_var_lib_t, dir, "linger")
+ allow $1 systemd_logind_var_lib_t:dir create;
+')
+
 ########################################
 ##
 ## Allow the specified domain to start systemd
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index b6290e610..d9efcacf3 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1725,6 +1725,7 @@ kernel_read_kernel_sysctls(systemd_update_done_t)
 selinux_use_status_page(systemd_update_done_t)
+seutil_read_config(systemd_update_done_t)
 seutil_read_file_contexts(systemd_update_done_t)
 systemd_log_parse_environment(systemd_update_done_t)
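Review bot: The summary on the new `systemd_create_logind_linger_dir` interface says only that the directory is created "with the correct context", which does not tell a caller what access it is actually granted. The body pairs a named type transition for `linger` through `init_var_lib_filetrans` with `allow $1 systemd_logind_var_lib_t:dir create;`, and `init_var_lib_filetrans` is defined outside this diff, so whatever access to the parent directory it carries is granted implicitly and should be confirmed before other domains start calling this. I would word the summary as `Create the logind linger directory in the init state directory, labelled systemd_logind_var_lib_t through a named type transition.` The transition matches only the exact name "linger", so the file-context entry for that directory should assign the same type or a relabel will disagree with it; no such entry is visible in this diff.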
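Review bot: Nothing near the added `seutil_read_config(systemd_update_done_t)` in systemd.te records why this domain needs to read the SELinux configuration, which makes the grant hard to re-justify in a later least-privilege audit. It sits directly above `seutil_read_file_contexts`, so presumably the same label lookup also opens the config file, but that is inferred from placement rather than shown. A one-line comment above the pair, such as `# label lookup reads the SELinux config as well as file_contexts`, or the denial quoted in the commit message, would let a reviewer confirm the rule is still required.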