diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index e736b9566..0242cb5e5 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -113,6 +113,7 @@
 /dev/snapshot -c gen_context(system_u:object_r:acpi_bios_t,s0)
 /dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
 /dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/sysdig[0-9] -c gen_context(system_u:object_r:sysdig_device_t,s0)
 /dev/tee[0-9] -c gen_context(system_u:object_r:tee_device_t,s0)
 /dev/teepriv[0-9] -c gen_context(system_u:object_r:tee_priv_device_t,s0)
 /dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 792ffa2ef..055d6c74f 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4176,6 +4176,25 @@ interface(`dev_manage_smartcard',`
 manage_chr_files_pattern($1, device_t, smartcard_device_t)
 ')
 
+########################################
+##
+## Read, write and map the sysdig device.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`dev_rw_sysdig',`
+gen_require(`
+type device_t, sysdig_device_t;
+')
+
+rw_chr_files_pattern($1, device_t, sysdig_device_t)
+allow $1 sysdig_device_t:chr_file map;
+')
+
 ########################################
 ##
 ## Mount a filesystem on sysfs.
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 8b3c20279..539c0c4a6 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -255,6 +255,12 @@ dev_node(smartcard_device_t)
 type sound_device_t;
 dev_node(sound_device_t)
 
+#
+# Type for sysdig device
+#
+type sysdig_device_t;
+dev_node(sysdig_device_t)
+
 #
 # sysfs_t is the type for the /sys pseudofs
 #
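Review bot: The new pattern `/dev/sysdig[0-9]` matches only a single trailing digit, so any node from `/dev/sysdig10` upward would keep the generic `device_t` label instead of `sysdig_device_t`, and the `dev_rw_sysdig` grant would not apply to it. If the driver creates one node per CPU, as the numbering suggests, that is likely on larger machines; `/dev/sysdig[0-9]+ -c gen_context(system_u:object_r:sysdig_device_t,s0)` would cover every index. The neighbouring `tee[0-9]` and `tlk[0-3]` entries bound a fixed device count, which may not hold here, so the single-digit form looks copied rather than chosen.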
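Review bot: The interface summary in the devices.if hunk says which permissions are granted but not what the device exposes, and the type comment in the devices.te hunk (`# Type for sysdig device`) is equally terse. If `/dev/sysdigN` is the sysdig kernel capture interface, a domain given `dev_rw_sysdig` can observe the system-call activity of every process on the host, which is broader than a typical device grant and worth stating so callers weigh it; for example `## Read, write and map the sysdig capture device, which exposes system-wide system call activity.` A one-line comment above the `map` rule explaining why mapping is required in addition to read/write, e.g. `# the capture buffer is consumed via mmap()`, would also make clear that `map` is intentional rather than carried over from another interface.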