diff --git a/public/dumpstate.te b/public/dumpstate.te
index a814f16ba5af03af913e4b85df24a02bac078f1a..f8ef840c88efc92152cd841a800657a76d8870e6 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -263,6 +263,8 @@ allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_re
 
 # Allow dumpstate to run iotop
 allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4) have a new class for sockets
+allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
 
 ###
 ### neverallow rules