diff --git a/foreman-selinux-disable b/foreman-selinux-disable
index 1a1a6cf..6ff5570 100644
--- a/foreman-selinux-disable
+++ b/foreman-selinux-disable
@@ -9,7 +9,7 @@ do
 if /usr/sbin/semodule -s $selinuxvariant -l >/dev/null; then
 # Remove all user defined ports (including the default one)
 /usr/sbin/semanage port -E | \
- grep -E '(elasticsearch|docker)_port_t' | \
+ grep -E '(elasticsearch|docker|foreman_osapi_compute)_port_t' | \
 sed s/-a/-d/g | \
 /usr/sbin/semanage -S $selinuxvariant -i -
 # Unload policy
diff --git a/foreman-selinux-enable b/foreman-selinux-enable
index 36cca81..4c89462 100644
--- a/foreman-selinux-enable
+++ b/foreman-selinux-enable
@@ -4,6 +4,21 @@ set +e
 TMP=$(mktemp -t foreman-selinux-enable.XXXXXXXXXX)
 trap "rm -rf '$TMP'" EXIT INT TERM
 
+# Assign port number or change existing port definition.
+assign_or_change_existing() {
+ if ! /usr/sbin/semanage port -E | grep -qEe "${1}.*-p (tcp|udp) ${2}"; then
+ if /usr/sbin/semanage port -E | grep -qEe "-p (tcp|udp) $2"; then
+ echo "port -m -t $1 -p tcp $2"
+ else
+ echo "port -a -t $1 -p tcp $2"
+ fi
+ fi
+}
+
+is_redhat_6() {
+ test x$(rpm -q --whatprovides redhat-release --qf '%{version}') = x6
+}
+
 # Load or upgrade foreman policy and set booleans.
 #
 # Dependant booleans must be managed in a separate transaction.
@@ -25,6 +40,11 @@ do
 /usr/sbin/semanage port -E | grep -q docker_port_t || \
 echo "port -a -t docker_port_t -p tcp 2375-2376" >> $TMP
 
+ if is_redhat_6; then
+ # missing port definitions
+ assign_or_change_existing 'foreman_osapi_compute_port_t' '8774' >> $TMP
+ fi
+
 /usr/sbin/semanage -S $selinuxvariant -i $TMP
 fi
 done
diff --git a/foreman.te b/foreman.te
index 765ec55..1236b68 100644
--- a/foreman.te
+++ b/foreman.te
@@ -142,6 +142,9 @@ files_pid_file(foreman_var_run_t)
 type foreman_proxy_port_t;
 corenet_port(foreman_proxy_port_t)
 
+type foreman_osapi_compute_port_t;
+corenet_port(foreman_osapi_compute_port_t)
+
 require{
 type bin_t;
 type httpd_t;
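Review bot: In assign_or_change_existing both grep checks accept either protocol (`-p (tcp|udp)`) while the emitted semanage command always says `-p tcp`, so the checks and the action disagree: an existing udp-only entry for the port makes the function print `port -m -t $1 -p tcp $2` for a tcp entry that presumably does not exist yet, and a udp-only assignment to $1 makes it print nothing, leaving tcp unlabelled. Match the checks to what is emitted, `grep -qEe "${1}.*-p tcp ${2}"` and `grep -qEe "-p tcp $2"`, or take the protocol as a third argument and use it in all three places. The port pattern is also unanchored, so `8774` would equally match a range beginning with 8774 such as 8774-8780; appending `( |$)` to `${2}` narrows the match to the exact port. The helper is also a good place to document its contract: `# $1 = SELinux port type, $2 = tcp port; prints a semanage "port" command on stdout only when $2 is not already labelled $1, using -m when the port is already defined with another type and -a otherwise`.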
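Review bot: The comment `# missing port definitions` in the new is_redhat_6 block does not say what is missing or why it is limited to RHEL 6; the distro_rhel6 branch in foreman.te is the only place the type is used, so suggest `# RHEL 6 base policy has no type for nova's osapi port (8774/tcp); label it with foreman's own foreman_osapi_compute_port_t`. Note that the helper queries `semanage port -E` against the default store while the import below uses `-S $selinuxvariant`; this mirrors the existing docker_port_t check, but if the variants are meant to diverge the helper would need the same `-S` argument. The enclosing for/do loop begins before this hunk.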
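Review bot: `type foreman_osapi_compute_port_t;` is declared without a comment, and nothing in the policy assigns a port to it: the only assignment is the `port -a`/`port -m` line that foreman-selinux-enable emits, and only when is_redhat_6 succeeds, so on every other distribution the type exists but labels no port. A one-line comment above the declaration keeps a later reader from wiring it into the non-RHEL 6 branch: `# Port type for nova's osapi port (8774/tcp); labelled by foreman-selinux-enable on RHEL 6 only, other distros use the base policy's osapi_compute_port_t.`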
@@ -308,9 +311,15 @@ optional_policy(`
 tunable_policy(`passenger_can_connect_openstack',`
 ifdef(`distro_rhel6', `
+ # keystone (identity service)
 corenet_tcp_connect_commplex_port(passenger_t)
+ # all other ports not yet defined on rhel6
+ allow passenger_t foreman_osapi_compute_port_t:tcp_socket name_connect;
 ',`
+ # keystone (identity service)
 corenet_tcp_connect_commplex_main_port(passenger_t)
+ # nova (compute service)
 corenet_tcp_connect_osapi_compute_port(passenger_t)
 ')
 ')