diff --git a/policy/modules/admin/certwatch.if b/policy/modules/admin/certwatch.if
index 535fdd7..f303bba 100644
--- a/policy/modules/admin/certwatch.if
+++ b/policy/modules/admin/certwatch.if
@@ -44,7 +44,7 @@ interface(`certwatch_domtrans',`
 ## </param>
 ## <rolecap/>
 #
-interface(`certwatach_run',`
+interface(`certwatch_run',`
 	gen_require(`
 		type certwatch_t;
 	')
@@ -53,3 +53,32 @@ interface(`certwatach_run',`
 	role $2 types certwatch_t;
 	allow certwatch_t $3:chr_file rw_term_perms;
 ')
+
+########################################
+## <summary>
+##	Execute certwatch in the certwatch domain, and
+##	allow the specified role the certwatch domain,
+##	and use the caller's terminal. Has a sigchld
+##	backchannel.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the certwatch domain.
+##	</summary>
+## </param>
+## <param name="terminal">
+##	<summary>
+##	The type of the terminal allow the certwatch domain to use.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`certwatach_run',`
+	refpolicywarn(`$0($*) has been deprecated, please use certwatch_run() instead.')
+	certwatch_run($*)
+')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index a7fbb1b..6928566 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
 
-policy_module(userdomain,2.3.0)
+policy_module(userdomain,2.3.1)
 
 gen_require(`
 	role sysadm_r, staff_r, user_r;
@@ -285,7 +285,7 @@ ifdef(`strict_policy',`
 	')
 
 	optional_policy(`
-		certwatach_run(sysadm_t,sysadm_r,admin_terminal)
+		certwatch_run(sysadm_t,sysadm_r,admin_terminal)
 	')
 
 	optional_policy(`