diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 9f40bcc73..58dd2bd0c 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -226,7 +226,7 @@ optional_policy(`
 
 allow newrole_t self:capability { dac_override fowner setgid setuid };
 dontaudit newrole_t self:capability net_admin;
-allow newrole_t self:process setexec;
+allow newrole_t self:process { setcap setexec };
 allow newrole_t self:fd use;
 allow newrole_t self:fifo_file rw_fifo_file_perms;
 allow newrole_t self:sock_file read_sock_file_perms;