diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index be1ea4534..8729d230c 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -612,6 +612,8 @@ interface(`fs_register_binary_executable_type',`
 		type binfmt_misc_fs_t;
 	')
+	# binfmt_misc filesystem is usually mounted on /proc/sys/fs/binfmt_misc
+	kernel_search_fs_sysctls($1)
 	rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
 ')
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index f03a3241d..6c5eb0787 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1985,6 +1985,25 @@ interface(`kernel_rw_kernel_sysctl',`
 	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
 ')
+########################################
+##
+##	Search filesystem sysctl directories.
+##
+##
+##
+##	Domain allowed access.
+##
+##
+##
+#
+interface(`kernel_search_fs_sysctls',`
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_fs_t;
+	')
+
+	search_dirs_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
+')
+
 ########################################
 ##
 ##	Read filesystem sysctls.
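Review bot: The documentation block of fs_register_binary_executable_type, which sits above this hunk, still describes only access to the binfmt_misc filesystem type, while the new `kernel_search_fs_sysctls($1)` call extends what the interface grants to search on proc_t, sysctl_t and sysctl_fs_t directories; the summary should mention that the /proc/sys/fs path is now searchable too so callers understand the wider grant. The added comment says the filesystem is "usually" mounted under /proc/sys/fs/binfmt_misc but leaves the other case unstated; a second line such as `# a caller that mounts it elsewhere must grant search on that path itself` would make the scope explicit. The enclosing interface starts outside the hunk.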
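Review bot: In the new `kernel_search_fs_sysctls` interface, `search_dirs_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)` lists sysctl_fs_t both in the parent set and as the target, so the pattern emits the `sysctl_fs_t:dir search_dir_perms` allow rule twice; the sibling context line just above, `list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)`, keeps the target out of the parent set, and `search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)` would be the consistent form. Duplicate allow rules are merged at compile time, so this is a style point, not a change in granted access. The summary could also say why the interface exists, e.g. `##	Search filesystem sysctl directories (/proc/sys/fs), needed to reach filesystems mounted below them such as binfmt_misc.`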