diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index 2b56ed7..ade4fca 100644
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -1,5 +1,5 @@
 
-policy_module(firstboot, 1.7.1)
+policy_module(firstboot, 1.7.2)
 
 gen_require(`
 	class passwd rootok;
@@ -118,6 +118,10 @@ optional_policy(`
 	usermanage_domtrans_admin_passwd(firstboot_t)
 ')
 
+optional_policy(`
+	xserver_rw_xdm_xserver_shm(firstboot_t)
+')
+
 ifdef(`TODO',`
 allow firstboot_t proc_t:file write;
 
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 8300c4e..18fa881 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1674,6 +1674,24 @@ interface(`xserver_stream_connect_xdm_xserver',`
 
 ########################################
 ## <summary>
+##	xdm xserver RW shared memory socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_rw_xdm_xserver_shm',`
+	gen_require(`
+		type xdm_xserver_t;
+	')
+
+	allow $1 xdm_xserver_t:shm rw_shm_perms;
+')
+
+########################################
+## <summary>
 ##	Interface to provide X object permissions on a given X server to
 ##	an X client domain.  Gives the domain complete control over the
 ##	display.
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 01757d4..f71f5c6 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,5 +1,5 @@
 
-policy_module(xserver, 2.1.0)
+policy_module(xserver, 2.1.1)
 
 ########################################
 #