diff --git a/containers/Dockerfile.kde-nvidia-ver4a b/containers/Dockerfile.kde-nvidia-ver4a
index d26855c..8eede18 100644
--- a/containers/Dockerfile.kde-nvidia-ver4a
+++ b/containers/Dockerfile.kde-nvidia-ver4a
@@ -26,6 +26,11 @@ RUN dnf5 -y autoremove
 # Except for polkit-agent-helper-1, it's currently required for interactive authentication with polkit.
 RUN find /usr -mindepth 1 -type f -perm /6000 -regextype posix-extended -not -regex '^/usr/lib/polkit-1/polkit-agent-helper-1$|^/usr/s?bin/unix_chkpwd$|^/usr/s?bin/fusermount[0-9]?$' -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \;
+COPY ./selinux-policies /tmp/selinux-policies
+RUN checkmodule -M -m -o /tmp/selinux-policies/ver4a-selinux.mod /tmp/selinux-policies/ver4a-selinux.te
+RUN semodule_package -m /tmp/selinux-policies/ver4a-selinux.mod -o /tmp/selinux-policies/ver4a-selinux.pp
+RUN semodule -i /tmp/selinux-policies/ver4a-selinux.pp
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit
diff --git a/containers/Dockerfile.kde-ver4a b/containers/Dockerfile.kde-ver4a
index e9c986c..a2e4173 100644
--- a/containers/Dockerfile.kde-ver4a
+++ b/containers/Dockerfile.kde-ver4a
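Review bot: The three RUN lines after the COPY leave the .te, .mod and .pp files in /tmp/selinux-policies and each step becomes its own image layer, so the policy sources and build artifacts are carried in the layers even if the later `ostree container commit` prunes /tmp in the final tree (the linked issue comment does not say). One RUN that builds, installs and then removes the directory keeps only the installed module: `RUN checkmodule -M -m -o /tmp/selinux-policies/ver4a-selinux.mod /tmp/selinux-policies/ver4a-selinux.te && semodule_package -m /tmp/selinux-policies/ver4a-selinux.mod -o /tmp/selinux-policies/ver4a-selinux.pp && semodule -i /tmp/selinux-policies/ver4a-selinux.pp && rm -rf /tmp/selinux-policies`. Since a container build cannot normally load policy into the host kernel, `semodule -n -i` (no reload) makes the intent of "update the module store only" explicit; worth confirming against the build log that the plain `semodule -i` is not merely warning its way through. The same three lines appear in the Dockerfile.kde-ver4a hunk and the note applies there too.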
@@ -26,6 +26,11 @@ RUN dnf5 -y autoremove
 # Except for polkit-agent-helper-1, it's currently required for interactive authentication with polkit.
 RUN find /usr -mindepth 1 -type f -perm /6000 -regextype posix-extended -not -regex '^/usr/lib/polkit-1/polkit-agent-helper-1$|^/usr/s?bin/unix_chkpwd$|^/usr/s?bin/fusermount[0-9]?$' -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \;
+COPY ./selinux-policies /tmp/selinux-policies
+RUN checkmodule -M -m -o /tmp/selinux-policies/ver4a-selinux.mod /tmp/selinux-policies/ver4a-selinux.te
+RUN semodule_package -m /tmp/selinux-policies/ver4a-selinux.mod -o /tmp/selinux-policies/ver4a-selinux.pp
+RUN semodule -i /tmp/selinux-policies/ver4a-selinux.pp
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit
diff --git a/containers/selinux-policies/ver4a-selinux.te b/containers/selinux-policies/ver4a-selinux.te
new file mode 100644
index 0000000..17653ad
--- /dev/null
+++ b/containers/selinux-policies/ver4a-selinux.te
@@ -0,0 +1,11 @@
+
+module ver4a-selinux 1.0;
+
+require {
+ type ifconfig_t;
+ class cap_userns { net_admin sys_ptrace };
+}
+
+#============= ifconfig_t ==============
+
+allow ifconfig_t self:cap_userns { net_admin sys_ptrace };
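Review bot: The new ver4a-selinux.te records no reason for the rule, so a later maintainer cannot tell whether `sys_ptrace` is something ifconfig_t actually exercises inside a user namespace or was simply bundled with `net_admin` by the tool whose `#============= ifconfig_t ==============` header is kept. The grant is narrow (ifconfig_t's own cap_userns), but every capability added to a confined domain is a permanent widening of what that domain may do, so the motivating denial belongs in the file. Suggested header in place of the leading blank line: `# Lets ifconfig_t use net_admin and sys_ptrace inside a user namespace; source AVC: <paste the denial that motivated this> — confirm sys_ptrace is needed and not only net_admin`. The leading empty line before `module ver4a-selinux 1.0;` can go at the same time.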