diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 6cce9a3..b9e316e 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,4 +1,4 @@
-- Add users_extra support.
+- Add users_extra and seusers support.
 - Postfix fixes from Serge Hallyn.
 - Run python and shell directly to interpret scripts so policy
   sources need not be executable.
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 356a6ee..d8f1011 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -212,7 +212,8 @@ endif
 
 M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt $(LOCAL_POLDIR)/support/*.spt)
 
-APPCONF := config/appconfig-$(TYPE)
+APPCONF := $(ROOT)/config/appconfig-$(TYPE)
+SEUSERS := $(APPCONF)/seusers
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index d52532f..3032363 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@@ -88,10 +88,10 @@ $(BUILDDIR)/%.pp: $(TMPDIR)/%.mod $(TMPDIR)/%.mod.fc
 #
 # Create a base module package
 #
-$(BASE_PKG): $(BASE_MOD) $(BASE_FC) $(USERS_EXTRA)
+$(BASE_PKG): $(BASE_MOD) $(BASE_FC) $(USERS_EXTRA) $(SEUSERS)
 	@echo "Creating $(NAME) base module package"
 	@test -d $(BUILDDIR) || mkdir -p $(BUILDDIR)
-	$(verbose) $(SEMOD_PKG) -o $@ -m $(BASE_MOD) -f $(BASE_FC) -u $(USERS_EXTRA)
+	$(verbose) $(SEMOD_PKG) -o $@ -m $(BASE_MOD) -f $(BASE_FC) -u $(USERS_EXTRA) -s $(SEUSERS)
 
 $(BASE_MOD): $(BASE_CONF)
 	@echo "Compiling $(NAME) base module"
diff --git a/refpolicy/config/appconfig-strict-mcs/seusers b/refpolicy/config/appconfig-strict-mcs/seusers
new file mode 100644
index 0000000..c70f264
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/seusers
@@ -0,0 +1,2 @@
+root:root:s0-s0:c0.c255
+default:user_u:s0
diff --git a/refpolicy/config/appconfig-strict-mls/seusers b/refpolicy/config/appconfig-strict-mls/seusers
new file mode 100644
index 0000000..9ac11aa
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/seusers
@@ -0,0 +1,2 @@
+root:root:s0-s15:c0.c255
+default:user_u:s0
diff --git a/refpolicy/config/appconfig-strict/seusers b/refpolicy/config/appconfig-strict/seusers
new file mode 100644
index 0000000..345b9a1
--- /dev/null
+++ b/refpolicy/config/appconfig-strict/seusers
@@ -0,0 +1,2 @@
+root:root:
+default:user_u:
diff --git a/refpolicy/config/appconfig-targeted-mcs/seusers b/refpolicy/config/appconfig-targeted-mcs/seusers
new file mode 100644
index 0000000..c70f264
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/seusers
@@ -0,0 +1,2 @@
+root:root:s0-s0:c0.c255
+default:user_u:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/seusers b/refpolicy/config/appconfig-targeted-mls/seusers
new file mode 100644
index 0000000..9ac11aa
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/seusers
@@ -0,0 +1,2 @@
+root:root:s0-s15:c0.c255
+default:user_u:s0
diff --git a/refpolicy/config/appconfig-targeted/seusers b/refpolicy/config/appconfig-targeted/seusers
new file mode 100644
index 0000000..345b9a1
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted/seusers
@@ -0,0 +1,2 @@
+root:root:
+default:user_u: