diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 4f20137a5..b5bd2762e 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -181,7 +181,7 @@ template(`ssh_server_template', `
 type $1_var_run_t;
 files_pid_file($1_var_run_t)
- allow $1_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config };
+ allow $1_t self:capability { chown dac_read_search fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config };
 # net_admin is for SO_SNDBUFFORCE
 dontaudit $1_t self:capability net_admin;
 allow $1_t self:fifo_file rw_fifo_file_perms;
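Review bot: The new `allow $1_t self:capability { ... }` line drops `dac_override` without a comment saying why `dac_read_search` is sufficient, while the `net_admin` rule right below it carries a one-line rationale. Because the rule sits inside `ssh_server_template`, every domain instantiated from the template loses the ability to bypass DAC on writes. Any privileged code path that writes to a file it does not own would then be denied, so it is worth checking the audit log for `dac_override` AVC denials on a test login, including lastlog/utmp updates and privilege-separation setup. If narrowing to read/search is the intent, I would record it above the rule, for example `# dac_read_search instead of dac_override: only read/search past DAC is needed (least privilege)`. The template body starts and ends outside the hunk, so whether any caller re-adds the capability cannot be confirmed from here.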