diff --git a/dnsmasq.te b/dnsmasq.te
index a5c647a7ed1ed3381918505fcf8519c2022b5332..0e16580802c5783b70dff59e861e9416dc5f6a79 100644
--- a/dnsmasq.te
+++ b/dnsmasq.te
@@ -1,6 +1,12 @@
+# DNS, DHCP services
 type dnsmasq, domain;
+permissive_or_unconfined(dnsmasq)
 type dnsmasq_exec, exec_type, file_type;
 
-init_daemon_domain(dnsmasq)
-net_domain(dnsmasq)
-unconfined_domain(dnsmasq)
+allow dnsmasq self:capability { net_bind_service setgid setuid };
+allow dnsmasq self:tcp_socket create_socket_perms;
+
+allow dnsmasq dhcp_data_file:dir w_dir_perms;
+allow dnsmasq dhcp_data_file:file create_file_perms;
+allow dnsmasq port:tcp_socket name_bind;
+allow dnsmasq node:tcp_socket node_bind;
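Review bot: The added allow rules cover only `tcp_socket`, yet the new header comment describes DNS and DHCP services, which normally run over UDP, and the hunk removes `net_domain(dnsmasq)` without adding any `udp_socket` rule. The definition of `permissive_or_unconfined` is not visible here; if it leaves the domain permissive or unconfined, the gap is masked for now and would only surface as denials once the domain is made enforcing. I would either keep `net_domain(dnsmasq)` or add `allow dnsmasq self:udp_socket create_socket_perms;` together with `allow dnsmasq port:udp_socket name_bind;` and `allow dnsmasq node:udp_socket node_bind;`. Separately, `name_bind` on the generic `port` type is broad, so a dedicated port type for the DNS and DHCP ports would make the rule set closer to least privilege when enforcement is turned on.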