diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index b7bfc8f..89bf643 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -181,6 +181,9 @@ template(`su_per_userdomain_template',`
 	auth_dontaudit_read_shadow($1_su_t)
 	auth_use_nsswitch($1_su_t)
 
+	corecmd_search_bin($1_su_t)
+	corecmd_search_sbin($1_su_t)
+
 	domain_use_wide_inherit_fd($1_su_t)
 
 	files_read_etc_files($1_su_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index ea0bf28..46d3fbf 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -136,7 +136,17 @@ template(`authlogin_per_userdomain_template',`
 ## </param>
 #
 template(`auth_domtrans_user_chk_passwd',`
-	ifdef(`targeted_policy',`',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			type chkpwd_exec_t;
+		')
+
+		domain_auto_trans($2,chkpwd_exec_t,system_chkpwd_t)
+		allow $2 system_chkpwd_t:fd use;
+		allow system_chkpwd_t $2:fd use;
+		allow system_chkpwd_t $2:fifo_file rw_file_perms;
+		allow system_chkpwd_t $2:process sigchld;
+	',`
 		gen_require(`
 			type chkpwd_exec_t;
 		')