diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
index 1ead55d..ca6cd03 100644
--- a/policy/modules/services/consolekit.te
+++ b/policy/modules/services/consolekit.te
@@ -1,5 +1,5 @@
-policy_module(consolekit, 1.5.0)
+policy_module(consolekit, 1.5.1)
########################################
#
@@ -108,6 +108,7 @@ optional_policy(`
optional_policy(`
xserver_read_xdm_pid(consolekit_t)
xserver_read_user_xauth(consolekit_t)
+ xserver_non_drawing_client(consolekit_t)
corenet_tcp_connect_xserver_port(consolekit_t)
')
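Review bot: The added `xserver_non_drawing_client(consolekit_t)` call has no comment saying why consolekit_t needs to be an X client, so the grant is hard to audit later. As defined in xserver.if in this same commit, it gives the daemon domain `connectto` on the `xserver_t` stream socket plus several X object-manager permissions, on top of the xauth read and TCP connect already in this block. A one-line comment above the call would help, something like `# <consolekit component that opens the display> queries the X server; needs no drawing access`, filled in with the actual component. If only part of the interface is exercised by consolekit, that is worth recording too, so the rule can be narrowed instead of copied to other domains.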
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index e34a892..8633a6a 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -234,6 +234,37 @@ interface(`xserver_rw_session',`
#######################################
##
+## Create non-drawing client sessions on an X server.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xserver_non_drawing_client',`
+ gen_require(`
+ class x_drawable { getattr get_property };
+ class x_extension { query use };
+ class x_gc { create setattr };
+ class x_property read;
+
+ type xserver_t, xdm_var_run_t;
+ type xextension_t, xproperty_t, root_xdrawable_t;
+ ')
+
+ allow $1 self:x_gc { create setattr };
+
+ allow $1 xdm_var_run_t:dir search;
+ allow $1 xserver_t:unix_stream_socket connectto;
+
+ allow $1 xextension_t:x_extension { query use };
+ allow $1 root_xdrawable_t:x_drawable { getattr get_property };
+ allow $1 xproperty_t:x_property read;
+')
+
+#######################################
+##
## Create full client sessions
## on a user X server.
##
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 89ba2dd..bf0f131 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,5 +1,5 @@
-policy_module(xserver, 3.3.1)
+policy_module(xserver, 3.3.2)
gen_require(`
class x_drawable all_x_drawable_perms;