diff --git a/container.te b/container.te
index c73f59e..baad31b 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.150.0)
+policy_module(container, 2.151.0)
 gen_require(`
 	class passwd rootok;
 ')
@@ -1148,6 +1148,8 @@ allow container_kvm_t container_runtime_t:unix_stream_socket rw_stream_socket_pe
 
 container_stream_connect(container_kvm_t)
 
+allow container_kvm_t container_runtime_t:tun_socket attach_queue;
+
 dev_rw_inherited_vhost(container_kvm_t)
 dev_rw_vfio_dev(container_kvm_t)