diff --git a/pdns.fc b/pdns.fc
index 22bc51be68..6810571b11 100644
--- a/pdns.fc
+++ b/pdns.fc
@@ -4,3 +4,5 @@
 /var/run/pdns\.pid -- gen_context(system_u:object_r:pdns_var_run_t,s0)
 /var/run/pdns\.controlsocket -s gen_context(system_u:object_r:pdns_var_run_t,s0)
 /etc/pdns(/.*)? gen_context(system_u:object_r:pdns_conf_t,s0)
+
+/var/lib/pdns(/.*)? gen_context(system_u:object_r:pdns_var_lib_t,s0)
diff --git a/pdns.te b/pdns.te
index 59261fc211..e60f14a850 100644
--- a/pdns.te
+++ b/pdns.te
@@ -23,6 +23,9 @@ systemd_unit_file(pdns_unit_file_t)
 type pdns_conf_t;
 files_config_file(pdns_conf_t)
 
+type pdns_var_lib_t;
+files_type(pdns_var_lib_t)
+
 type pdns_var_run_t;
 files_pid_file(pdns_var_run_t)
 
@@ -47,6 +50,10 @@ corenet_tcp_bind_dns_port(pdns_t)
 corenet_udp_bind_dns_port(pdns_t)
 corenet_tcp_bind_transproxy_port(pdns_t)
 
+manage_dirs_pattern(dpns_t, pdns_var_lib_t, pdns_var_lib_t)
+manage_files_pattern(pdns_t, pdns_var_lib_t, pdns_var_lib_t)
+files_var_lib_filetrans(pdns_t, pdns_var_lib_t, { dir file })
+
 files_pid_filetrans(pdns_t, pdns_var_run_t, { file sock_file })
 manage_files_pattern(pdns_t, pdns_var_run_t, pdns_var_run_t)
 manage_sock_files_pattern(pdns_t, pdns_var_run_t, pdns_var_run_t)
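Review bot: The first added rule in the second pdns.te hunk names `dpns_t` as its source domain, while every other rule in the hunk uses `pdns_t`; this looks like a transposed typo. No `dpns_t` declaration is visible in this diff, so the module would presumably fail to compile, and if it did build, pdns_t would be left without directory permissions on pdns_var_lib_t, so the `dir` half of the `files_var_lib_filetrans` line would end in AVC denials. The line should read `manage_dirs_pattern(pdns_t, pdns_var_lib_t, pdns_var_lib_t)`.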