diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index 8af8fb3a68..6f55a224fc 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -2113,7 +2113,8 @@ allow virtqemud_t self:cap_userns kill;
 allow virtqemud_t self:netlink_audit_socket { nlmsg_relay read write };
 allow virtqemud_t self:process { setcap setexec setrlimit setsched setsockcreate };
 allow virtqemud_t self:tcp_socket create_socket_perms;
-allow virtqemud_t self:tun_socket create;
+allow virtqemud_t self:tun_socket { create relabelfrom relabelto };
+
 allow virtqemud_t self:udp_socket { connect create getattr };
 
 allow virtqemud_t qemu_var_run_t:{ dir file sock_file } relabelfrom;
@@ -2121,8 +2122,10 @@ allow virtqemud_t qemu_var_run_t:{ dir file sock_file } relabelfrom;
 allow virtqemud_t svirt_t:process { getattr setsched signal signull transition };
 allow virtqemud_t svirt_t:unix_stream_socket { connectto create_stream_socket_perms };
 allow virtqemud_t svirt_socket_t:unix_stream_socket connectto;
-allow virtqemud_t svirt_tcg_t: process { setsched signal signull transition };
+allow virtqemud_t svirt_tcg_t: process { getrlimit getsched setsched signal signull transition };
 allow virtqemud_t svirt_tcg_t: unix_stream_socket { connectto create_stream_socket_perms };
+allow virtqemud_t svirt_tcg_t:file read_file_perms;
+allow virtqemud_t svirt_tcg_t:lnk_file read_lnk_file_perms;
 allow virtqemud_t svirt_devpts_t:chr_file open;
 allow virtqemud_t svirt_tmpfs_t:file { map write };
 
@@ -2178,7 +2181,6 @@ manage_files_pattern(virtqemud_t, svirt_image_t, svirt_image_t)
 manage_sock_files_pattern(virtqemud_t, svirt_image_t, svirt_image_t)
 read_files_pattern(virtqemud_t, svirt_t, svirt_t)
 read_lnk_files_pattern(virtqemud_t, svirt_t, svirt_t)
-read_files_pattern(virtqemud_t, svirt_tcg_t, svirt_tcg_t)
 manage_files_pattern(virtqemud_t, virt_content_t, virt_content_t)
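Review bot: The new `allow virtqemud_t self:tun_socket { create relabelfrom relabelto };` grants the relabel pair without a comment saying which operation needs it, and because both sides are `self` it only covers a tap device already labeled virtqemud_t — presumably the daemon re-attaching (TUNSETIFF) to a persistent tap it created itself, e.g. after a restart; taps created by another domain would still need a relabelfrom rule against that type. I would add a comment such as `# relabelfrom/relabelto on self: re-opening a persistent tap device that virtqemud created earlier (e.g. across a daemon restart) triggers the tun_socket relabel check` so the next reader does not widen it to a broader type by reflex. As a point of style, the added empty line between the tun_socket and udp_socket rules splits the run of `self:*` rules that the rest of the block keeps contiguous; drop it.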
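Review bot: `allow virtqemud_t svirt_tcg_t:file read_file_perms;` is a narrower grant than the `read_files_pattern(virtqemud_t, svirt_tcg_t, svirt_tcg_t)` it replaces (removed in the third hunk), because that pattern also carries `dir search_dir_perms`; unless search on svirt_tcg_t-labelled directories is granted elsewhere in the file, reads under /proc/<pid>/ of a TCG guest would now stop at the directory search. The svirt_t equivalents two lines above the removed line keep the pattern form, so for consistency I would keep `read_files_pattern(virtqemud_t, svirt_tcg_t, svirt_tcg_t)` there and add `read_lnk_files_pattern(virtqemud_t, svirt_tcg_t, svirt_tcg_t)` beside it, rather than moving to bare allow rules (the lnk_file rule is a new grant, not a move, and deserves a short comment saying what link it resolves). Minor style: the rewritten `svirt_tcg_t: process` line keeps the stray space after the colon that no other rule in the hunk has; write it `svirt_tcg_t:process`.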
@@ -2278,6 +2280,10 @@ optional_policy(`
 	dnsmasq_filetrans_named_content_fromdir(virtqemud_t, virtqemud_var_run_t)
 ')
 
+optional_policy(`
+	numad_domtrans(virtqemud_t)
+')
+
 optional_policy(`
 	qemu_exec(virtqemud_t)
 ')
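Review bot: The new `numad_domtrans(virtqemud_t)` block carries no comment on why the daemon must execute numad in its own domain, and a domain transition is the kind of grant a later reader will want justified; I would add `# automatic NUMA placement (vcpu placement='auto'): libvirt runs numad and reads its advice from a pipe` above it, hedged to whatever the driver actually does. Since the child runs as numad_t and the daemon has to consume its output, it is worth confirming that the numad_domtrans interface (not visible here) also allows numad_t to use virtqemud_t's file descriptors and pipe and to deliver sigchld; a bare domtrans_pattern would leave those denied. The alphabetical placement between the dnsmasq and qemu blocks is correct.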