diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 37b03f6..9971337 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -38,10 +38,12 @@ template(`courier_domain_template',`
 read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
 allow courier_$1_t courier_etc_t:dir list_dir_perms;
+ manage_dirs_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 files_search_pids(courier_$1_t)
+ files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
 kernel_read_system_state(courier_$1_t)
 kernel_read_kernel_sysctls(courier_$1_t)
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index b96c242..72901d8 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -48,6 +48,7 @@ allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_fifo_file_perms;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:unix_stream_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:process sigchld;
+allow courier_authdaemon_t courier_tcpd_t:fd use;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
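Review bot: The added `manage_dirs_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)` and `files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)` sit inside `courier_domain_template`, so every domain instantiated from the template gains directory create/delete rights on `courier_var_run_t` and the pid-directory type transition, not only the daemon that actually creates the runtime directory. If a single domain creates it, least privilege argues for placing both rules in courier.te for that domain alone, for example `files_pid_filetrans(courier_authdaemon_t, courier_var_run_t, dir)` (which domain is the creator is not visible here and needs confirming). If the grant has to stay in the template, a comment above it naming the directory and why all courier domains need it would help later audits. The template body begins and ends outside the hunk.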
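Review bot: The new `allow courier_authdaemon_t courier_tcpd_t:fd use;` carries no comment saying which inherited descriptors it is meant to cover. It presumably backs the `tcp_socket`, `unix_stream_socket` and `fifo_file` rules around it, since read/write on an object reached through another domain's descriptor also requires `fd use` on that domain. A one-line comment such as `# authdaemon uses descriptors passed from couriertcpd (client socket, pipes)` would record the intent, with the wording to be confirmed against the AVC denial that prompted the change. The rule is also inserted between two runs of rules that repeat each other (`tcp_socket rw_stream_socket_perms` appears twice in the visible context), so the block could be consolidated when it is next touched.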