diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if
index bf5ecfb5d..541eb8a5a 100644
--- a/policy/modules/services/container.if
+++ b/policy/modules/services/container.if
@@ -1099,6 +1099,25 @@ interface(`container_relabel_all_content',`
allow $1 container_file_t:dir_file_class_set { relabelfrom relabelto };
')
+########################################
+##
+## Allow the specified domain to
+## remount container filesystems.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`container_remount_fs',`
+ gen_require(`
+ type container_file_t;
+ ')
+
+ allow $1 container_file_t:filesystem remount;
+')
+
########################################
##
## Allow the specified domain to
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c6635d834..5f9427bbe 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -543,6 +543,10 @@ ifdef(`init_systemd',`
clock_read_adjtime(init_t)
')
+ optional_policy(`
+ container_remount_fs(init_t)
+ ')
+
optional_policy(`
systemd_dbus_chat_logind(init_t)
systemd_search_all_user_keys(init_t)