diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index 486a30d..4a2fdc0 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -25,12 +25,6 @@ unconfined_domain_template(unconfined_t)
 logging_send_syslog_msg(unconfined_t)
 
 ifdef(`targeted_policy',`
-	# compatibility for switching from strict
-	dominance { role secadm_r { role system_r; }}
-	dominance { role sysadm_r { role system_r; }}
-	dominance { role user_r { role system_r; }}
-	dominance { role staff_r { role system_r; }}
-
 	allow unconfined_t self:system syslog_read;
 	dontaudit unconfined_t self:capability sys_module;
 
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 03861f3..6b0f0b4 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -64,6 +64,12 @@ ifdef(`targeted_policy',`
 	files_associate_tmp(user_home_dir_t)
 	fs_associate_tmpfs(user_home_dir_t)
 
+	# compatibility for switching from strict
+	dominance { role secadm_r { role system_r; }}
+	dominance { role sysadm_r { role system_r; }}
+	dominance { role user_r { role system_r; }}
+	dominance { role staff_r { role system_r; }}
+
 	# dont need to use the full role_change()
 	allow sysadm_r system_r;
 	allow sysadm_r user_r;