diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index 2b56ed7d..ade4fca7 100644
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -1,5 +1,5 @@
-policy_module(firstboot, 1.7.1)
+policy_module(firstboot, 1.7.2)
gen_require(`
class passwd rootok;
@@ -118,6 +118,10 @@ optional_policy(`
usermanage_domtrans_admin_passwd(firstboot_t)
')
+optional_policy(`
+ xserver_rw_xdm_xserver_shm(firstboot_t)
+')
+
ifdef(`TODO',`
allow firstboot_t proc_t:file write;
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 8300c4ec..18fa8813 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1672,6 +1672,24 @@ interface(`xserver_stream_connect_xdm_xserver',`
stream_connect_pattern($1, xdm_xserver_tmp_t, xdm_xserver_tmp_t, xdm_xserver_t)
')
+########################################
+##
+## xdm xserver RW shared memory socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xserver_rw_xdm_xserver_shm',`
+ gen_require(`
+ type xdm_xserver_t;
+ ')
+
+ allow $1 xdm_xserver_t:shm rw_shm_perms;
+')
+
########################################
##
## Interface to provide X object permissions on a given X server to
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 01757d42..f71f5c67 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,5 +1,5 @@
-policy_module(xserver, 2.1.0)
+policy_module(xserver, 2.1.1)
########################################
#