diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index df42c80..60d9f45 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -30708,7 +30708,7 @@ index 0d4c8d3..e6ffda3 100644
 +    ps_process_pattern($1, ipsec_mgmt_t)
 +')
 diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
-index 312cd04..36ad32e 100644
+index 312cd04..a97e8da 100644
 --- a/policy/modules/system/ipsec.te
 +++ b/policy/modules/system/ipsec.te
 @@ -48,6 +48,9 @@ init_system_domain(ipsec_mgmt_t, ipsec_mgmt_exec_t)
@@ -30728,9 +30728,9 @@ index 312cd04..36ad32e 100644
 -allow ipsec_t self:capability { net_admin dac_override dac_read_search setpcap sys_nice };
 -dontaudit ipsec_t self:capability { sys_ptrace sys_tty_config };
 -allow ipsec_t self:process { getcap setcap getsched signal setsched };
-+allow ipsec_t self:capability { net_admin dac_override dac_read_search setpcap sys_nice net_raw setuid setgid sigkill };
++allow ipsec_t self:capability { net_admin dac_override dac_read_search setpcap sys_nice net_raw setuid setgid };
 +dontaudit ipsec_t self:capability sys_tty_config;
-+allow ipsec_t self:process { getcap setcap getsched signal signull setsched };
++allow ipsec_t self:process { getcap setcap getsched signal signull setsched sigkill };
  allow ipsec_t self:tcp_socket create_stream_socket_perms;
  allow ipsec_t self:udp_socket create_socket_perms;
 +allow ipsec_t self:packet_socket create_socket_perms;