diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if
index bf5ecfb5d..541eb8a5a 100644
--- a/policy/modules/services/container.if
+++ b/policy/modules/services/container.if
@@ -1099,6 +1099,25 @@ interface(`container_relabel_all_content',`
 allow $1 container_file_t:dir_file_class_set { relabelfrom relabelto };
 ')
+########################################
+##
+## Allow the specified domain to
+## remount container filesystems.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`container_remount_fs',`
+ gen_require(`
+ type container_file_t;
+ ')
+
+ allow $1 container_file_t:filesystem remount;
+')
+
 ########################################
 ##
 ## Allow the specified domain to
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c6635d834..5f9427bbe 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -543,6 +543,10 @@ ifdef(`init_systemd',`
 clock_read_adjtime(init_t)
 ')
+ optional_policy(`
+ container_remount_fs(init_t)
+ ')
+
 optional_policy(`
 systemd_dbus_chat_logind(init_t)
 systemd_search_all_user_keys(init_t)
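Review bot: The summary of the new `container_remount_fs` interface understates what `filesystem remount` grants: it lets the caller change the mount flags (read-only/read-write, nosuid, nodev, noexec) of any superblock labeled container_file_t, so a domain given this interface can undo hardening applied at mount time, and the summary should say so, e.g. `## Allow the specified domain to remount filesystems labeled container_file_t, i.e. change their mount flags (ro/rw, nosuid, nodev, noexec).` The `##` doc lines in this hunk appear without the summary and domain-parameter XML markup that refpolicy interface documentation normally carries; that may be an artifact of how the diff was rendered, but it is worth confirming the tags are present in the actual patch, since the interface documentation generation depends on them.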
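Review bot: The new optional_policy block granting `container_remount_fs(init_t)` gives no indication of which systemd operation needs PID 1 to remount container_file_t filesystems, and the enclosing init_systemd ifdef block both starts and ends outside this hunk. Because `remount` lets init_t flip the mount flags of every container_file_t superblock, a one-line why-comment tied to the observed denial would help the next maintainer judge whether the rule still belongs here: `# systemd remounts container_file_t mounts (e.g. read-only at shutdown) -- confirm against the AVC that motivated this`. If the remount is in fact performed by the container runtime or a per-user systemd instance rather than PID 1 itself, the grant belongs in that domain's policy rather than in init_t.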