diff --git a/policy/modules/contrib/bootupd.te b/policy/modules/contrib/bootupd.te
index f4fb56f610..f86ed6efed 100644
--- a/policy/modules/contrib/bootupd.te
+++ b/policy/modules/contrib/bootupd.te
@@ -20,7 +20,7 @@ files_pid_file(bootupd_var_run_t)
 # bootupd local policy
 #
 allow bootupd_t self:capability { setgid setuid };
-allow bootupd_t self:process { fork setpgid };
+allow bootupd_t self:process { fork setfscreate setpgid };
 allow bootupd_t self:fifo_file rw_fifo_file_perms;
 allow bootupd_t self:unix_dgram_socket create_socket_perms;
 allow bootupd_t self:unix_stream_socket create_stream_socket_perms;
@@ -46,6 +46,8 @@ fs_manage_dos_dirs(bootupd_t)
 fs_manage_dos_files(bootupd_t)
 fs_search_efivarfs_dirs(bootupd_t)
 
+storage_getattr_fixed_disk_dev(bootupd_t)
+
 optional_policy(`
 	bootloader_domtrans(bootupd_t)
 ')
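Review bot: The `setfscreate` added to `allow bootupd_t self:process` in the first hunk carries no comment saying which bootupd operation needs it. This permission lets the domain choose the security context of files it creates afterwards instead of taking the default from type transitions. The labels it can apply are still limited by the create and relabel rules granted to bootupd_t per file type, so it is worth checking the motivating AVC denial to confirm that only the intended types are reachable. I would add a line above the rule such as `# setfscreate: required when <OPERATION>; see <AVC-OR-BUG-REFERENCE>`. The local policy block continues outside the hunk, so the rules that bound what bootupd_t may create are not all visible here.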