diff --git a/public/clatd.te b/public/clatd.te
index 5c9d724dbd9d5fa1209003bbc11a7efadac5b544..7d3d40eb86338262b3648cf0f70c80954264ed45 100644
--- a/public/clatd.te
+++ b/public/clatd.te
@@ -34,3 +34,4 @@ allow clatd self:global_capability_class_set ipc_lock;
 allow clatd self:netlink_route_socket nlmsg_write;
 allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms_no_ioctl;
 allow clatd tun_device:chr_file rw_file_perms;
+allowxperm clatd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };