diff --git a/policy/modules/contrib/virt.if b/policy/modules/contrib/virt.if
index abb53988ed..626ee548c0 100644
--- a/policy/modules/contrib/virt.if
+++ b/policy/modules/contrib/virt.if
@@ -2141,3 +2141,22 @@ interface(`virt_manage_qemu_pid_sock_files',`
 files_search_pids($1)
 manage_sock_files_pattern($1, qemu_var_run_t, qemu_var_run_t)
 ')
+
+########################################
+##
+## Allow the specified domain to ioctl
+## virtqemud over a unix domain stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`virt_virtqemud_ioctl_stream_sockets',`
+ gen_require(`
+ type virtqemud_t;
+ ')
+
+ allow $1 virtqemud_t:unix_stream_socket ioctl;
+')
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index 8198bc7dda..a325cb01ad 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -2294,6 +2294,7 @@ optional_policy(`
 optional_policy(`
 ssh_domtrans_ssh(virtqemud_t)
+ ssh_signal(virtqemud_t)
 ')
 optional_policy(`
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index e9d4b82791..0ab8ad12bd 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -266,6 +266,10 @@ optional_policy(`
 systemd_read_conf_files(ssh_t)
 ')
+optional_policy(`
+ virt_virtqemud_ioctl_stream_sockets(ssh_t)
+')
+
 optional_policy(`
 xserver_user_x_domain_template(ssh, ssh_t, ssh_tmpfs_t)
 xserver_domtrans_xauth(ssh_t)
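Review bot: In `virt_virtqemud_ioctl_stream_sockets` (virt.if), the rule `allow $1 virtqemud_t:unix_stream_socket ioctl;` permits every ioctl command on virtqemud's stream sockets, because no extended-permission rule narrows it. If the denial behind this change logged a single `ioctlcmd`, consider adding `allowxperm $1 virtqemud_t:unix_stream_socket ioctl IOCTL_CMD_PLACEHOLDER;` (placeholder for the logged value) next to the allow rule, keeping in mind that every caller of the interface would then be limited to that command. The summary would also read more clearly as "Allow the specified domain to use ioctl on virtqemud unix domain stream sockets."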
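Review bot: The definition of `ssh_signal` is not visible in this diff, so please confirm that the call added next to `ssh_domtrans_ssh(virtqemud_t)` in virt.te targets the ssh client domain (`ssh_t`) that virtqemud transitions into, and not the server domain (`sshd_t`). If it targets the server, this line lets virtqemud_t signal sshd while the client it spawned still cannot be signalled, which is both broader and less useful than intended. A one-line comment such as `# virtqemud signals the ssh client it started for remote connections` (presumed intent) would make the pairing with the domtrans explicit. The enclosing `optional_policy` block starts above the hunk.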
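Review bot: The new `optional_policy` block in ssh.te has no comment saying why `ssh_t` needs ioctl on a virtqemud socket, and the grant covers every process running in ssh_t, not only the client started by virtqemud. I would add `# ssh started by virtqemud inherits its unix stream socket (presumed; confirm against the AVC)` above the `virt_virtqemud_ioctl_stream_sockets(ssh_t)` call. ioctl is the only permission added here; whether `fd use` and read/write on that inherited socket are already allowed elsewhere cannot be seen from this hunk and should be checked, so that the rule is neither redundant nor incomplete.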