diff --git a/policy/modules/services/certmaster.fc b/policy/modules/services/certmaster.fc
index f27a584..79295d6 100644
--- a/policy/modules/services/certmaster.fc
+++ b/policy/modules/services/certmaster.fc
@@ -3,5 +3,6 @@
 
 /usr/bin/certmaster		--	gen_context(system_u:object_r:certmaster_exec_t,s0)
 
+/var/lib/certmaster(/.*)?		gen_context(system_u:object_r:certmaster_var_lib_t,s0)
 /var/log/certmaster(/.*)?		gen_context(system_u:object_r:certmaster_var_log_t,s0)
 /var/run/certmaster.*			gen_context(system_u:object_r:certmaster_var_run_t,s0)