diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if
index 4584457b1..802fd3dbb 100644
--- a/policy/modules/system/mount.if
+++ b/policy/modules/system/mount.if
@@ -173,3 +173,21 @@ interface(`mount_run_unconfined',`
 	mount_domtrans_unconfined($1)
 	role $2 types unconfined_mount_t;
 ')
+
+########################################
+## <summary>
+##	Read mount_loopback files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`mount_read_mount_loopback',`
+	gen_require(`
+		type mount_t;
+	')
+
+	allow $1 mount_loopback_t:file read_file_perms;
+')
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 03f0911e7..9cd37d9ee 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
 # setuid/setgid needed to mount cifs
 allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
 
-allow mount_t mount_loopback_t:file read_file_perms;
+mount_read_mount_loopback(mount_t)
 
 allow mount_t mount_tmp_t:file manage_file_perms;
 allow mount_t mount_tmp_t:dir manage_dir_perms;