diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index e039047..8d12200 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,6 @@
+- Added modules:
+	sysstat
+
 * Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
 - Add unlabeled IPSEC association rule to domains with
   networking permissions.
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index 3dcd01c..10c4a28 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -157,6 +157,23 @@ interface(`term_write_console',`
 
 ########################################
 ## <summary>
+##	Read from the console.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`term_read_console',`
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file read;
+')
+
+########################################
+## <summary>
 ##	Read from and write to the console.
 ## </summary>
 ## <param name="domain">
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index e5792d2..81e5ef1 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -398,6 +398,10 @@ ifdef(`targeted_policy',`
 		#samba_read_secrets(system_crond_t)
 	')
 
+	optional_policy(`sysstat',`
+		sysstat_manage_log(system_crond_t)
+	')
+
 	ifdef(`TODO',`
 	dontaudit userdomain system_crond_t:fd use;
 
diff --git a/refpolicy/policy/modules/services/sysstat.fc b/refpolicy/policy/modules/services/sysstat.fc
new file mode 100644
index 0000000..b319f6a
--- /dev/null
+++ b/refpolicy/policy/modules/services/sysstat.fc
@@ -0,0 +1,8 @@
+
+/usr/lib(64)?/atsar/atsa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
+/usr/lib(64)?/sa/sadc		--	gen_context(system_u:object_r:sysstat_exec_t,s0)
+/usr/lib(64)?/sysstat/sa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
+
+/var/log/atsar(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
+/var/log/sa(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
+/var/log/sysstat(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
diff --git a/refpolicy/policy/modules/services/sysstat.if b/refpolicy/policy/modules/services/sysstat.if
new file mode 100644
index 0000000..6428dad
--- /dev/null
+++ b/refpolicy/policy/modules/services/sysstat.if
@@ -0,0 +1,19 @@
+## <summary>Policy for sysstat. Reports on various system states</summary>
+
+########################################
+## <summary>
+##	Manage sysstat logs.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`sysstat_manage_log',`
+	gen_require(`
+		type sysstat_log_t;
+	')
+
+        logging_search_logs($1)
+	allow $1 sysstat_log_t:dir rw_dir_perms;
+	allow $1 sysstat_log_t:file manage_file_perms;
+')
diff --git a/refpolicy/policy/modules/services/sysstat.te b/refpolicy/policy/modules/services/sysstat.te
new file mode 100644
index 0000000..99b0eee
--- /dev/null
+++ b/refpolicy/policy/modules/services/sysstat.te
@@ -0,0 +1,71 @@
+
+policy_module(sysstat,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type sysstat_t;
+type sysstat_exec_t;
+init_system_domain(sysstat_t,sysstat_exec_t)
+role system_r types sysstat_t;
+
+type sysstat_log_t;
+logging_log_file(sysstat_log_t)
+
+########################################
+#
+# Local policy
+#
+
+allow sysstat_t self:capability sys_resource;
+dontaudit sysstat_t self:capability sys_admin;
+allow sysstat_t self:fifo_file rw_file_perms;
+
+can_exec(sysstat_t, sysstat_exec_t)
+
+allow sysstat_t sysstat_log_t:file create_file_perms;
+allow sysstat_t sysstat_log_t:dir rw_dir_perms;
+logging_create_log(sysstat_t,sysstat_log_t,{ file dir })
+
+# get info from /proc
+kernel_read_system_state(sysstat_t)
+kernel_read_network_state(sysstat_t)
+kernel_read_kernel_sysctl(sysstat_t)
+kernel_read_fs_sysctl(sysstat_t)
+kernel_read_rpc_sysctl(sysstat_t)
+
+corecmd_dontaudit_search_sbin(sysstat_t)
+corecmd_exec_bin(sysstat_t)
+
+dev_read_urand(sysstat_t)
+
+files_search_var(sysstat_t)
+# for mtab
+files_read_etc_runtime_files(sysstat_t)
+#for fstab
+files_read_etc_files(sysstat_t)
+
+fs_getattr_xattr_fs(sysstat_t)
+
+term_use_controlling_term(sysstat_t)
+term_rw_console(sysstat_t)
+
+init_use_fd(sysstat_t)
+init_use_script_pty(sysstat_t)
+
+libs_use_ld_so(sysstat_t)
+libs_use_shared_libs(sysstat_t)
+
+miscfiles_read_localization(sysstat_t)
+
+userdom_dontaudit_read_sysadm_home_dir(sysstat_t)
+
+optional_policy(`cron',`
+	cron_system_entry(sysstat_t,sysstat_exec_t)
+')
+
+optional_policy(`logging',`
+	logging_send_syslog_msg(sysstat_t)
+')