diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index b267560..b42af1b 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -232,6 +232,8 @@ ifdef(`distro_gentoo',`
 /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/sbin/smrsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
 
+/usr/share/ajaxterm/qweb.py.* --	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/ajaxterm/ajaxterm.py.* --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/dayplanner/dayplanner --	gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index bb4adcb..f15e5ba 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -71,6 +71,7 @@ network_port(afs_ka, udp,7004,s0)
 network_port(afs_pt, udp,7002,s0)
 network_port(afs_vl, udp,7003,s0)
 network_port(agentx, udp,705,s0, tcp,705,s0)
+network_port(ajaxterm, tcp,8022,s0)
 network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
 network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
diff --git a/policy/modules/services/ajaxterm.fc b/policy/modules/services/ajaxterm.fc
new file mode 100644
index 0000000..aeb1888
--- /dev/null
+++ b/policy/modules/services/ajaxterm.fc
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/ajaxterm	--	gen_context(system_u:object_r:ajaxterm_initrc_exec_t,s0)
+
+/usr/share/ajaxterm/ajaxterm\.py	--	gen_context(system_u:object_r:ajaxterm_exec_t,s0)
+
+/var/run/ajaxterm\.pid		--	gen_context(system_u:object_r:ajaxterm_var_run_t,s0)
diff --git a/policy/modules/services/ajaxterm.if b/policy/modules/services/ajaxterm.if
new file mode 100644
index 0000000..581ae6e
--- /dev/null
+++ b/policy/modules/services/ajaxterm.if
@@ -0,0 +1,72 @@
+
+## <summary>policy for ajaxterm</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ajaxterm.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ajaxterm_domtrans',`
+	gen_require(`
+		type ajaxterm_t, ajaxterm_exec_t;
+	')
+
+	domtrans_pattern($1, ajaxterm_exec_t, ajaxterm_t)
+')
+
+
+########################################
+## <summary>
+##	Execute ajaxterm server in the ajaxterm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`ajaxterm_initrc_domtrans',`
+	gen_require(`
+		type ajaxterm_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, ajaxterm_initrc_exec_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an ajaxterm environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`ajaxterm_admin',`
+	gen_require(`
+		type ajaxterm_t;
+		type ajaxterm_initrc_exec_t;
+	')
+
+	allow $1 ajaxterm_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ajaxterm_t)
+
+	ajaxterm_initrc_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 ajaxterm_initrc_exec_t system_r;
+	allow $2 system_r;
+
+')
diff --git a/policy/modules/services/ajaxterm.te b/policy/modules/services/ajaxterm.te
new file mode 100644
index 0000000..8cb701b
--- /dev/null
+++ b/policy/modules/services/ajaxterm.te
@@ -0,0 +1,55 @@
+policy_module(ajaxterm,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type ajaxterm_t;
+type ajaxterm_exec_t;
+init_daemon_domain(ajaxterm_t, ajaxterm_exec_t)
+
+type ajaxterm_initrc_exec_t;
+init_script_file(ajaxterm_initrc_exec_t)
+
+type ajaxterm_var_run_t;
+files_pid_file(ajaxterm_var_run_t)
+
+type ajaxterm_devpts_t;
+term_login_pty(ajaxterm_devpts_t)
+
+permissive ajaxterm_t;
+
+########################################
+#
+# ajaxterm local policy
+#
+allow ajaxterm_t self:capability setuid;
+allow ajaxterm_t self:process setpgid;
+allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
+allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
+allow ajaxterm_t self:tcp_socket create_stream_socket_perms;
+
+allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom;
+term_create_pty(ajaxterm_t, ajaxterm_devpts_t)
+
+manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
+manage_files_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
+files_pid_filetrans(ajaxterm_t, ajaxterm_var_run_t, { file dir })
+
+kernel_read_system_state(ajaxterm_t)
+
+corecmd_exec_bin(ajaxterm_t)
+
+corenet_tcp_bind_generic_node(ajaxterm_t)
+
+dev_read_urand(ajaxterm_t)
+
+domain_use_interactive_fds(ajaxterm_t)
+
+files_read_etc_files(ajaxterm_t)
+files_read_usr_files(ajaxterm_t)
+
+miscfiles_read_localization(ajaxterm_t)
+
+sysnet_dns_name_resolve(ajaxterm_t)