diff --git a/policy/modules/services/oddjob.fc b/policy/modules/services/oddjob.fc
index 60b26f4..bdf8c89 100644
--- a/policy/modules/services/oddjob.fc
+++ b/policy/modules/services/oddjob.fc
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 
 /usr/sbin/oddjobd		--	gen_context(system_u:object_r:oddjob_exec_t,s0)
 
diff --git a/policy/modules/services/oddjob.if b/policy/modules/services/oddjob.if
index 9bac058..6433998 100644
--- a/policy/modules/services/oddjob.if
+++ b/policy/modules/services/oddjob.if
@@ -84,3 +84,28 @@ interface(`oddjob_domtrans_mkhomedir',`
 
 	domtrans_pattern($1, oddjob_mkhomedir_exec_t, oddjob_mkhomedir_t)
 ')
+
+########################################
+## <summary>
+##	Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`oddjob_run_mkhomedir',`
+	gen_require(`
+		type oddjob_mkhomedir_t;
+	')
+
+	oddjob_domtrans_mkhomedir($1)
+	role $2 types oddjob_mkhomedir_t;
+')
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index 44f5971..258802a 100644
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -1,5 +1,5 @@
 
-policy_module(oddjob, 1.6.0)
+policy_module(oddjob, 1.6.1)
 
 ########################################
 #
@@ -10,18 +10,25 @@ type oddjob_t;
 type oddjob_exec_t;
 domain_type(oddjob_t)
 init_daemon_domain(oddjob_t, oddjob_exec_t)
+domain_obj_id_change_exemption(oddjob_t)
+domain_role_change_exemption(oddjob_t)
 domain_subj_id_change_exemption(oddjob_t)
 
 type oddjob_mkhomedir_t;
 type oddjob_mkhomedir_exec_t;
 domain_type(oddjob_mkhomedir_t)
-init_daemon_domain(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
+domain_obj_id_change_exemption(oddjob_mkhomedir_t)
+init_system_domain(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
 oddjob_system_entry(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
 
 # pid files
 type oddjob_var_run_t;
 files_pid_file(oddjob_var_run_t)
 
+ifdef(`enable_mcs',`
+	init_ranged_daemon_domain(oddjob_t, oddjob_exec_t, s0 - mcs_systemhigh)
+')
+
 ########################################
 #
 # oddjob local policy
@@ -65,13 +72,32 @@ optional_policy(`
 # oddjob_mkhomedir local policy
 #
 
+allow oddjob_mkhomedir_t self:capability { chown fowner fsetid dac_override };
+allow oddjob_mkhomedir_t self:process setfscreate;
 allow oddjob_mkhomedir_t self:fifo_file rw_fifo_file_perms;
 allow oddjob_mkhomedir_t self:unix_stream_socket create_stream_socket_perms;
 
+kernel_read_system_state(oddjob_mkhomedir_t)
+
 files_read_etc_files(oddjob_mkhomedir_t)
 
+auth_use_nsswitch(oddjob_mkhomedir_t)
+
+logging_send_syslog_msg(oddjob_mkhomedir_t)
+
 miscfiles_read_localization(oddjob_mkhomedir_t)
 
+selinux_get_fs_mount(oddjob_mkhomedir_t)
+selinux_validate_context(oddjob_mkhomedir_t)
+selinux_compute_access_vector(oddjob_mkhomedir_t)
+selinux_compute_create_context(oddjob_mkhomedir_t)
+selinux_compute_relabel_context(oddjob_mkhomedir_t)
+selinux_compute_user_contexts(oddjob_mkhomedir_t)
+
+seutil_read_config(oddjob_mkhomedir_t)
+seutil_read_file_contexts(oddjob_mkhomedir_t)
+seutil_read_default_contexts(oddjob_mkhomedir_t)
+
 # Add/remove user home directories
 userdom_home_filetrans_user_home_dir(oddjob_mkhomedir_t)
 userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)