diff --git a/policy/modules/services/corosync.if b/policy/modules/services/corosync.if
index 5220c9d..05f7296 100644
--- a/policy/modules/services/corosync.if
+++ b/policy/modules/services/corosync.if
@@ -18,6 +18,25 @@ interface(`corosync_domtrans',`
 	domtrans_pattern($1, corosync_exec_t, corosync_t)
 ')
 
+######################################
+## <summary>
+##      Execute corosync in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##      Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`corosync_exec',`
+        gen_require(`
+                type corosync_exec_t;
+        ')
+
+        corecmd_search_bin($1)
+        can_exec($1, corosync_exec_t)
+')
+
 #######################################
 ## <summary>
 ##	Allow the specified domain to read corosync's log files.
diff --git a/policy/modules/services/corosync.te b/policy/modules/services/corosync.te
index fdb0dcb..ed9dd2f 100644
--- a/policy/modules/services/corosync.te
+++ b/policy/modules/services/corosync.te
@@ -117,6 +117,7 @@ optional_policy(`
 	rhcs_rw_cluster_shm(corosync_t)
 	rhcs_rw_cluster_semaphores(corosync_t)
 	rhcs_stream_connect_cluster(corosync_t)
+	rhcs_read_cluster_lib_files(corosync_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/rhcs.fc b/policy/modules/services/rhcs.fc
index b19961e..a8676c7 100644
--- a/policy/modules/services/rhcs.fc
+++ b/policy/modules/services/rhcs.fc
@@ -10,6 +10,7 @@
 
 /var/lib/qdiskd(/.*)?				gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
 
+/var/log/cluster/.*\.*log			<<none>>
 /var/log/cluster/dlm_controld\.log.*	--	gen_context(system_u:object_r:dlm_controld_var_log_t,s0)
 /var/log/cluster/fenced\.log.*		--	gen_context(system_u:object_r:fenced_var_log_t,s0)
 /var/log/cluster/gfs_controld\.log.*	--	gen_context(system_u:object_r:gfs_controld_var_log_t,s0)
diff --git a/policy/modules/services/rhcs.if b/policy/modules/services/rhcs.if
index 6928301..d8b97c2 100644
--- a/policy/modules/services/rhcs.if
+++ b/policy/modules/services/rhcs.if
@@ -434,3 +434,22 @@ interface(`rhcs_read_qdiskd_tmpfs_files',`
 
 	allow $1 qdiskd_tmpfs_t:file read_file_perms;
 ')
+
+######################################
+## <summary>
+##      Allow domain to read cluster lib files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`rhcs_read_cluster_lib_files',`
+    gen_require(`
+        type cluster_var_lib_t;
+    ')
+
+    files_search_var_lib($1)
+    read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
+')
diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te
index 68f2b99..1ebc84d 100644
--- a/policy/modules/services/rhcs.te
+++ b/policy/modules/services/rhcs.te
@@ -35,6 +35,10 @@ rhcs_domain_template(qdiskd)
 type qdiskd_var_lib_t;
 files_type(qdiskd_var_lib_t)
 
+# type for cluster lib files
+type cluster_var_lib_t;
+files_type(cluster_var_lib_t)
+
 #####################################
 #
 # dlm_controld local policy
@@ -105,6 +109,11 @@ tunable_policy(`fenced_can_network_connect',`
 	corenet_tcp_connect_all_ports(fenced_t)
 ')
 
+# needed by fence_scsi
+optional_policy(`
+       corosync_exec(fenced_t)
+')
+
 optional_policy(`
 	ccs_read_config(fenced_t)
 ')
@@ -223,6 +232,9 @@ allow cluster_domain self:fifo_file rw_fifo_file_perms;
 allow cluster_domain self:unix_stream_socket create_stream_socket_perms;
 allow cluster_domain self:unix_dgram_socket create_socket_perms;
 
+manage_files_pattern(cluster_domain, cluster_var_lib_t, cluster_var_lib_t)
+manage_dirs_pattern(cluster_domain, cluster_var_lib_t, cluster_var_lib_t)
+
 logging_send_syslog_msg(cluster_domain)
 
 miscfiles_read_localization(cluster_domain)