diff --git a/psad.spec b/psad.spec
index daaa300..adcb94e 100644
--- a/psad.spec
+++ b/psad.spec
@@ -1,7 +1,7 @@
 Summary: Port Scan Attack Detector (psad) watches for suspect traffic
 Name: psad
 Version: 2.4.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: https://www.cipherdyne.org/psad/
@@ -120,6 +120,7 @@ cat >> $TMPDIR/psad-rpm.cil << __EOF__
 (dontaudit psad_t mandb_t (dir (getattr search)))
 (dontaudit psad_t mandb_t (file (open read)))
 (dontaudit psad_t self (capability (dac_override sys_ptrace sys_resource)))
+(dontaudit psad_t self (cap_userns (sys_ptrace)))
 (dontaudit psad_t xserver_log_t (dir (search)))
 __EOF__
 %{_sbindir}/semodule -i $TMPDIR/psad-rpm.cil
@@ -150,6 +151,7 @@ cat >> $TMPDIR/psad-rpm.cil << __EOF__
 (dontaudit psad_t mandb_t (dir (getattr search)))
 (dontaudit psad_t mandb_t (file (open read)))
 (dontaudit psad_t self (capability (dac_override sys_ptrace sys_resource)))
+(dontaudit psad_t self (cap_userns (sys_ptrace)))
 (dontaudit psad_t xserver_log_t (dir (search)))
 __EOF__
 %{_sbindir}/semodule -i $TMPDIR/psad-rpm.cil
@@ -194,6 +196,9 @@ exit 0
 %ghost %attr(0700,root,root) /var/run/%{name}/psad.cmd
 
 %changelog
+* Mon Feb 25 2019 Dominik Mierzejewski <rpm@greysector.net> - 2.4.6-2
+- silence sys_ptrace AVC denials (#1615087)
+
 * Wed Aug 01 2018 Dominik Mierzejewski <rpm@greysector.net> - 2.4.6-1
 - update to 2.4.6 (#1611013)