diff --git a/policy/modules/contrib/sssd.te b/policy/modules/contrib/sssd.te
index 0fda72124b..3ca3216bb9 100644
--- a/policy/modules/contrib/sssd.te
+++ b/policy/modules/contrib/sssd.te
@@ -284,7 +284,7 @@ optional_policy(`
 #
 
 # allow sssd_t to kill unresponsive selinux_child process
-allow sssd_t sssd_selinux_manager_t:process signal;
+allow sssd_t sssd_selinux_manager_t:process { setcap signal };
 
 allow sssd_selinux_manager_t self:capability { setgid setuid };
 dontaudit sssd_selinux_manager_t self:capability net_admin;