diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 2ecd325..7273d43 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -14,6 +14,7 @@
 		loadkeys
 		mysql
 		quota
+		rshd
 		su
 		sudo
 		tcpd
diff --git a/refpolicy/policy/modules/services/rshd.fc b/refpolicy/policy/modules/services/rshd.fc
new file mode 100644
index 0000000..225a230
--- /dev/null
+++ b/refpolicy/policy/modules/services/rshd.fc
@@ -0,0 +1,4 @@
+
+/usr/kerberos/sbin/kshd	--	context_template(system_u:object_r:rshd_exec_t,s0)
+
+/usr/sbin/in\.rshd	--	context_template(system_u:object_r:rshd_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/rshd.if b/refpolicy/policy/modules/services/rshd.if
new file mode 100644
index 0000000..9538cb0
--- /dev/null
+++ b/refpolicy/policy/modules/services/rshd.if
@@ -0,0 +1,27 @@
+## <summary>Remote shell service.</summary>
+
+########################################
+## <summary>
+##	Domain transition to rshd.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+interface(`rshd_domtrans',`
+	gen_require(`
+		type rshd_exec_t, rshd_t;
+		class process sigchld;
+		class fd use;
+		class fifo_file rw_file_perms;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domain_auto_trans($1,rshd_exec_t,rshd_t)
+
+	allow $1 rshd_t:fd use;
+	allow rshd_t $1:fd use;
+	allow rshd_t $1:fifo_file rw_file_perms;
+	allow rshd_t $1:process sigchld;
+')
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
new file mode 100644
index 0000000..14986b8
--- /dev/null
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -0,0 +1,97 @@
+
+policy_module(rshd,1.0)
+
+########################################
+#
+# Declarations
+#
+type rshd_t;
+type rshd_exec_t;
+inetd_tcp_service_domain(rshd_t,rshd_exec_t)
+domain_subj_id_change_exempt(rshd_t)
+domain_role_change_exempt(rshd_t)
+role system_r types rshd_t;
+
+########################################
+#
+# Local policy
+#
+allow rshd_t self:capability { setuid setgid fowner fsetid chown dac_override};
+allow rshd_t self:process { signal_perms fork setsched setpgid setexec };
+allow rshd_t self:fifo_file rw_file_perms;
+allow rshd_t self:tcp_socket create_stream_socket_perms;
+
+kernel_read_kernel_sysctl(rshd_t)
+
+corenet_raw_sendrecv_all_if(rshd_t)
+corenet_tcp_sendrecv_all_if(rshd_t)
+corenet_raw_sendrecv_all_nodes(rshd_t)
+corenet_tcp_sendrecv_all_nodes(rshd_t)
+corenet_tcp_sendrecv_all_ports(rshd_t)
+corenet_tcp_bind_all_nodes(rshd_t)
+corenet_tcp_bind_reserved_port(rshd_t)
+corenet_dontaudit_tcp_bind_all_reserved_ports(rshd_t)
+
+dev_read_urand(rshd_t)
+
+selinux_get_fs_mount(rshd_t)
+selinux_validate_context(rshd_t)
+selinux_compute_access_vector(rshd_t)
+selinux_compute_create_context(rshd_t)
+selinux_compute_relabel_context(rshd_t)
+selinux_compute_user_contexts(rshd_t)
+
+auth_domtrans_chk_passwd(rshd_t)
+
+corecmd_read_bin_symlink(rshd_t)
+corecmd_read_sbin_symlink(rshd_t)
+
+files_list_home(rshd_t)
+files_read_etc_files(rshd_t)
+files_search_tmp(rshd_t)
+
+libs_use_ld_so(rshd_t)
+libs_use_shared_libs(rshd_t)
+
+logging_send_syslog_msg(inetd_t)
+
+miscfiles_read_localization(rshd_t)
+
+seutil_read_config(rshd_t)
+seutil_read_default_contexts(rshd_t)
+
+sysnet_read_config(rshd_t)
+
+userdom_search_all_users_home(rshd_t)
+
+ifdef(`targeted_policy',`
+	unconfined_domain_template(rshd_t)
+	unconfined_shell_domtrans(rshd_t)
+')
+
+tunable_policy(`use_nfs_home_dirs',`
+	fs_read_nfs_files(rshd_t)
+	fs_read_nfs_symlinks(rshd_t)
+')
+
+tunable_policy(`use_samba_home_dirs',`
+	fs_read_nfs_files(rshd_t)
+	fs_read_nfs_symlinks(rshd_t)
+')
+
+optional_policy(`kerberos.te',`
+	kerberos_use(rshd_t)
+')
+
+optional_policy(`nis.te',`
+	nis_use_ypbind(rshd_t)
+')
+
+ifdef(`TODO',`
+optional_policy(`rlogind.te', `
+	allow rshd_t rlogind_tmp_t:file rw_file_perms;
+')
+
+allow rshd_t selinux_config_t:lnk_file { getattr read };
+allow rshd_t default_context_t:lnk_file { getattr read };
+')
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index d19db5f..882f433 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -54,3 +54,7 @@ inetd_domtrans_child(tcpd_t)
 optional_policy(`nis.te',`
 	nis_use_ypbind(tcpd_t)
 ')
+
+optional_policy(`rshd.te',`
+	rshd_domtrans(rshd_t)
+')