diff --git a/policy/modules/contrib/rshim.fc b/policy/modules/contrib/rshim.fc
index 2f5e30fd17..29684e907c 100644
--- a/policy/modules/contrib/rshim.fc
+++ b/policy/modules/contrib/rshim.fc
@@ -1,3 +1,5 @@
 /usr/bin/rshim -- gen_context(system_u:object_r:rshim_exec_t,s0)
+/run/rshim\.pid -- gen_context(system_u:object_r:rshim_var_run_t,s0)
+
 /usr/lib/systemd/system/rshim.* -- gen_context(system_u:object_r:rshim_unit_file_t,s0)
diff --git a/policy/modules/contrib/rshim.te b/policy/modules/contrib/rshim.te
index 718c589b11..17c4a5e30d 100644
--- a/policy/modules/contrib/rshim.te
+++ b/policy/modules/contrib/rshim.te
@@ -9,6 +9,9 @@ type rshim_t;
 type rshim_exec_t;
 init_daemon_domain(rshim_t, rshim_exec_t)
+type rshim_var_run_t;
+files_pid_file(rshim_var_run_t)
+
 type rshim_unit_file_t;
 systemd_unit_file(rshim_unit_file_t)
@@ -24,6 +27,9 @@ allow rshim_t self:system module_load;
 allow rshim_t self:unix_stream_socket create_stream_socket_perms;
 allow rshim_t self:netlink_kobject_uevent_socket getopt;
+manage_files_pattern(rshim_t, rshim_var_run_t, rshim_var_run_t)
+files_pid_filetrans(rshim_t, rshim_var_run_t, file)
+
 kernel_read_proc_files(rshim_t)
 corecmd_exec_shell(rshim_t)
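Review bot: The `files_pid_filetrans(rshim_t, rshim_var_run_t, file)` call in the second rshim.te hunk is an unnamed transition, so any regular file rshim_t creates directly in the pid directory gets rshim_var_run_t, while the rshim.fc hunk only labels `/run/rshim\.pid` with that type. Passing the file name as the optional fourth argument scopes the transition to the one file the context entry describes and keeps a relabel (restorecon) and runtime labeling in agreement: `files_pid_filetrans(rshim_t, rshim_var_run_t, file, "rshim.pid")`. This matters slightly more here because the preceding `manage_files_pattern` line grants full manage permissions on whatever ends up carrying rshim_var_run_t. A one-line comment above the pair, `# pid file lives directly under /run; only rshim.pid is rshim_var_run_t`, would also document the intent for the next reader.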