diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index 8af8fb3a68..b8df9e8e07 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -2113,7 +2113,7 @@ allow virtqemud_t self:cap_userns kill;
 allow virtqemud_t self:netlink_audit_socket { nlmsg_relay read write };
 allow virtqemud_t self:process { setcap setexec setrlimit setsched setsockcreate };
 allow virtqemud_t self:tcp_socket create_socket_perms;
-allow virtqemud_t self:tun_socket create;
+allow virtqemud_t self:tun_socket { create relabelfrom relabelto };
 allow virtqemud_t self:udp_socket { connect create getattr };
 
 allow virtqemud_t qemu_var_run_t:{ dir file sock_file } relabelfrom;