diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index be1ea4534..8729d230c 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -612,6 +612,8 @@ interface(`fs_register_binary_executable_type',`
type binfmt_misc_fs_t;
')
+ # binfmt_misc filesystem is usually mounted on /proc/sys/fs/binfmt_misc
+ kernel_search_fs_sysctls($1)
rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
')
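Review bot: The added `kernel_search_fs_sysctls($1)` gives every caller of `fs_register_binary_executable_type` search access on the directories leading to /proc/sys/fs, but the comment above it only says where the filesystem is mounted, not that the grant follows from it. I would word it as `# binfmt_misc is usually mounted on /proc/sys/fs/binfmt_misc, so callers need search on the proc and fs sysctl directories to reach it`. The interface's header comment starts above the hunk; its description should also mention the extra search access, so someone auditing which domains can register binfmt handlers sees the full grant.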
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index f03a3241d..6c5eb0787 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1985,6 +1985,25 @@ interface(`kernel_rw_kernel_sysctl',`
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
+########################################
+##
+## Search filesystem sysctl directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`kernel_search_fs_sysctls',`
+ gen_require(`
+ type proc_t, sysctl_t, sysctl_fs_t;
+ ')
+
+ search_dirs_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
+')
+
########################################
##
## Read filesystem sysctls.
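Review bot: In `kernel_search_fs_sysctls`, `sysctl_fs_t` is passed to `search_dirs_pattern` both inside the parent set and as the target. That is redundant, because refpolicy's `search_dirs_pattern` grants search on both arguments, and it differs from the sibling `kernel_rw_kernel_sysctl` just above, which passes `{ proc_t sysctl_t }`. I would write `search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)` so the grant reads as exactly the path /proc, /proc/sys, /proc/sys/fs. The `##` header lines appear here without `<summary>` or `<param name="domain">` markup. That may be a rendering artefact, but it is worth confirming the tags are present in the file so the interface documentation builds.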