diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 65fde0a..ead8afb 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -25,6 +25,7 @@
readahead
roundup
screen
+ slocate (Dan Walsh)
slrnpull
smartmon
sysstat
diff --git a/refpolicy/policy/modules/apps/slocate.fc b/refpolicy/policy/modules/apps/slocate.fc
new file mode 100644
index 0000000..1951c4b
--- /dev/null
+++ b/refpolicy/policy/modules/apps/slocate.fc
@@ -0,0 +1,2 @@
+/usr/bin/updatedb -- gen_context(system_u:object_r:locate_exec_t, s0)
+/var/lib/[sm]locate(/.*)? gen_context(system_u:object_r:locate_var_lib_t,s0)
diff --git a/refpolicy/policy/modules/apps/slocate.if b/refpolicy/policy/modules/apps/slocate.if
new file mode 100644
index 0000000..0f673c0
--- /dev/null
+++ b/refpolicy/policy/modules/apps/slocate.if
@@ -0,0 +1,19 @@
+## Update database for mlocate
+
+########################################
+##
+## Create the locate log with append mode.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`slocate_create_append_log',`
+ gen_require(`
+ type locate_var_log_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 locate_log_t:dir ra_dir_perms;
+ allow $1 locate_log_t:file { create append getattr };
+')
diff --git a/refpolicy/policy/modules/apps/slocate.te b/refpolicy/policy/modules/apps/slocate.te
new file mode 100644
index 0000000..32882f4
--- /dev/null
+++ b/refpolicy/policy/modules/apps/slocate.te
@@ -0,0 +1,46 @@
+
+policy_module(slocate,1.0.0)
+
+#################################
+#
+# Declarations
+#
+
+type locate_t;
+type locate_exec_t;
+init_system_domain(locate_t,locate_exec_t)
+
+type locate_log_t;
+logging_log_file(locate_log_t)
+
+type locate_var_lib_t;
+files_type(locate_var_lib_t)
+
+########################################
+#
+# Local policy
+#
+
+allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
+allow locate_t self:process { execmem execheap execstack };
+allow locate_t self:fifo_file rw_file_perms;
+allow locate_t self:unix_stream_socket create_socket_perms;
+
+allow locate_t locate_var_lib_t:dir create_dir_perms;
+allow locate_t locate_var_lib_t:file create_file_perms;
+
+kernel_read_system_state(locate_t)
+kernel_dontaudit_search_sysctl(locate_t)
+
+corecmd_exec_bin(locate_t)
+
+files_list_all(locate_t)
+files_getattr_all_files(locate_t)
+files_read_etc_runtime_files(locate_t)
+files_read_etc_files(locate_t)
+
+fs_getattr_xattr_fs(locate_t)
+
+optional_policy(`cron',`
+ cron_system_entry(locate_t, locate_exec_t)
+')
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index ea6890b..e735500 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -409,6 +409,10 @@ ifdef(`targeted_policy',`
#samba_read_secrets(system_crond_t)
')
+ optional_policy(`slocate',`
+ slocate_create_append_log(system_crond_t)
+ ')
+
optional_policy(`sysstat',`
sysstat_manage_log(system_crond_t)
')