diff --git a/SOURCES/systemd_hs.if b/SOURCES/systemd_hs.if
new file mode 100644
index 0000000..6695e0e
--- /dev/null
+++ b/SOURCES/systemd_hs.if
@@ -0,0 +1,20 @@
+########################################
+## <summary>
+##	Allows the caller to use the SELinux status page.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`selinux_use_status_page',`
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file mmap_read_file_perms;
+')
diff --git a/SOURCES/systemd_hs.te b/SOURCES/systemd_hs.te
index 5498233..577a0a3 100644
--- a/SOURCES/systemd_hs.te
+++ b/SOURCES/systemd_hs.te
@@ -9,11 +9,14 @@ gen_require(`
 	type policykit_auth_t;
 	type policykit_t;
 	type proc_kmsg_t;
+	type rpm_t;
 	type system_dbusd_t;
 	type systemd_hostnamed_t;
 	type systemd_localed_t;
 	type systemd_logind_t;
 	type systemd_machined_t;
+	type systemd_resolved_t;
+	type systemd_tmpfiles_t;
 	type security_t;
 	type syslogd_t;
 	type user_tmp_t;
@@ -29,11 +32,16 @@ allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto;
 allow policykit_t systemd_machined_t:unix_stream_socket connectto;
 allow syslogd_t user_tmp_t:lnk_file read;
 allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto;
-allow systemd_hostnamed_t security_t:file map;
-allow systemd_localed_t security_t:file map;
 allow systemd_logind_t self:netlink_selinux_socket create;
 allow systemd_logind_t self:netlink_selinux_socket bind;
-allow systemd_logind_t security_t:file map;
 allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
 allow systemd_machined_t init_var_run_t:sock_file create;
 allow xdm_t systemd_machined_t:unix_stream_socket connectto;
+
+selinux_use_status_page(init_t)
+selinux_use_status_page(rpm_t)
+selinux_use_status_page(systemd_hostnamed_t)
+selinux_use_status_page(systemd_localed_t)
+selinux_use_status_page(systemd_logind_t)
+selinux_use_status_page(systemd_resolved_t)
+selinux_use_status_page(systemd_tmpfiles_t)
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index cdacde0..387a925 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -26,7 +26,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        247.3
-Release:        7%{?dist}
+Release:        8%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -65,6 +65,7 @@ Source24:       sysusers.generate-pre.sh
 # Needed for selinux subpackage
 Source100:      Makefile.selinux
 Source101:      systemd_hs.te
+Source102:      systemd_hs.if
 
 %if 0
 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
@@ -391,7 +392,7 @@ runs properly under an environment with SELinux enabled.
 
 %if %{with selinux}
 mkdir selinux
-cp %SOURCE100 %SOURCE101 selinux
+cp %SOURCE100 %SOURCE101 %SOURCE102 selinux
 %endif
 
 %build
@@ -957,6 +958,10 @@ fi
 %endif
 
 %changelog
+* Thu Apr  1 2021 Davide Cavalca <dcavalca@fb.com> - 247.3-8
+- Backport https://github.com/SELinuxProject/refpolicy/pull/308 to fix
+  systemd-hostnamed and systemd-localed when SELinux is enabled.
+
 * Thu Apr  1 2021 Anita Zhang <anitazha@fb.com> - 247.3-7
 - Downgrade sysv-generator warning even more (to debug)