diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index b21d7137..50879531 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -45,6 +45,14 @@ interface(`domain_base_type',`
 		tunable_policy(`allow_execmem',`
 			allow $1 self:process execmem;
 		')
+
+		# FIXME:
+		# hack until role dominance is fixed in
+		# the module compiler
+		role secadm_r types $1;
+		role sysadm_r types $1;
+		role user_r types $1;
+		role staff_r types $1;
 	')
 ')
 
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 6b0f0b46..d56c6495 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -65,10 +65,10 @@ ifdef(`targeted_policy',`
 	fs_associate_tmpfs(user_home_dir_t)
 
 	# compatibility for switching from strict
-	dominance { role secadm_r { role system_r; }}
-	dominance { role sysadm_r { role system_r; }}
-	dominance { role user_r { role system_r; }}
-	dominance { role staff_r { role system_r; }}
+#	dominance { role secadm_r { role system_r; }}
+#	dominance { role sysadm_r { role system_r; }}
+#	dominance { role user_r { role system_r; }}
+#	dominance { role staff_r { role system_r; }}
 
 	# dont need to use the full role_change()
 	allow sysadm_r system_r;