diff --git a/selinux-policy.spec b/selinux-policy.spec
index 534d0a4..2a5244f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -61,7 +61,7 @@ cp -f ${RPM_SOURCE_DIR}/modules-%1.conf  ./policy/modules.conf \
 cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
 
 %define installCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1" base.pp \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} modules \
 %{__mkdir} -p $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
 %{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
@@ -75,13 +75,11 @@ install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp 
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/users_extra \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
 install -m0644 ${RPM_SOURCE_DIR}/seusers-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/seusers \
-install -m0644 ${RPM_SOURCE_DIR}/users_extra-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/users_extra \
 install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/setrans.conf \
 %nil
 
@@ -95,11 +93,9 @@ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir}
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
 %ghost %{_sysconfdir}/selinux/%1/seusers \
-%ghost %{_sysconfdir}/selinux/%1/users_extra \
 %dir %{_sysconfdir}/selinux/%1/modules \
 %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
 %verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
-%verify(not md5 size mtime) %attr(600,root,root) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
 %dir %{_sysconfdir}/selinux/%1/policy/ \
 %ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
 %dir %{_sysconfdir}/selinux/%1/contexts \
diff --git a/users_extra-mls b/users_extra-mls
new file mode 100644
index 0000000..7d9956f
--- /dev/null
+++ b/users_extra-mls
@@ -0,0 +1,5 @@
+user root prefix staff;
+user staff_u prefix staff;
+user user_u prefix user;
+user sysadm_u prefix sysadm;
+user secadm_u prefix secadm;
diff --git a/users_extra-strict b/users_extra-strict
new file mode 100644
index 0000000..28799f4
--- /dev/null
+++ b/users_extra-strict
@@ -0,0 +1,4 @@
+user root prefix staff;
+user staff_u prefix staff;
+user user_u prefix user;
+user sysadm_u prefix sysadm;
diff --git a/users_extra-targeted b/users_extra-targeted
new file mode 100644
index 0000000..cb81460
--- /dev/null
+++ b/users_extra-targeted
@@ -0,0 +1,2 @@
+user root prefix user;
+user user_u prefix user;