diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 99ad71f92..3455c2270 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -3358,6 +3358,23 @@ interface(`fs_rw_nfsd_fs',`
rw_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
')
+########################################
+##
+## Read nsfs inodes (e.g. /proc/pid/ns/uts)
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fs_read_nsfs_files',`
+ gen_require(`
+ type nsfs_t;
+ ')
+
+ allow $1 nsfs_t:file read_file_perms;
+')
########################################
##
## Getattr on pstore dirs.
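Review bot: The summary for `fs_read_nsfs_files` says only "Read nsfs inodes", which understates what the interface grants. In refpolicy `read_file_perms` includes `open`, and an open descriptor on an nsfs inode is the handle setns(2) accepts, so a caller receives the file-access half of joining another process's namespaces. I would state that in the interface documentation, e.g. `## Read nsfs inodes (e.g. /proc/pid/ns/uts); an open nsfs fd can be passed to setns(2).`, so later callers are reviewed together with their capability rules. The summary/param tags of the doc block are not visible in this view, presumably stripped in rendering, so confirm they are present in the file.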
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 920527ca9..ae44d92f4 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -126,6 +126,7 @@ fs_type(nfsd_fs_t)
genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
type nsfs_t;
+fs_type(nsfs_t)
genfscon nsfs / gen_context(system_u:object_r:nsfs_t,s0)
type oprofilefs_t;
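Review bot: Adding `fs_type(nsfs_t)` does more than mark the type as a filesystem, because it puts nsfs_t into the `filesystem_type` attribute. Any domain that already has a rule written against that attribute gains the same access on nsfs without any line of its own changing. The hunk does not show which domains those are. A comment above the line such as `# nsfs_t joins filesystem_type: attribute-wide fs rules now apply to nsfs`, plus a sentence in the commit message, would make the widening visible to reviewers.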
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index ea5530f55..78031010d 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -199,6 +199,7 @@ ifdef(`init_systemd',`
allow init_t self:netlink_kobject_uevent_socket create_socket_perms;
allow init_t self:netlink_route_socket create_netlink_socket_perms;
allow init_t self:netlink_selinux_socket create_socket_perms;
+ allow init_t self:unix_dgram_socket lock;
manage_files_pattern(init_t, init_var_run_t, init_var_run_t)
manage_lnk_files_pattern(init_t, init_var_run_t, init_var_run_t)
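Review bot: The added `allow init_t self:unix_dgram_socket lock;` has no comment saying which systemd operation produced the denial. It also grants a single permission on a class whose other init_t rules are not visible in this hunk. If a broader `self:unix_dgram_socket` rule exists elsewhere in init.te, adding `lock` to it would keep the class's permissions in one place. Otherwise give the reason on the line above, e.g. `# systemd takes a lock on its own datagram sockets (AVC: <denial summary>)`. The enclosing init_systemd ifdef block starts and ends outside the hunk.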
@@ -260,6 +261,8 @@ ifdef(`init_systemd',`
# mount-setup
fs_unmount_autofs(init_t)
fs_getattr_pstore_dirs(init_t)
+ # for network namespaces
+ fs_read_nsfs_files(init_t)
# systemd_socket_activated policy
mls_socket_write_all_levels(init_t)
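Review bot: The comment `# for network namespaces` is narrower than the grant beneath it. filesystem.te labels the whole nsfs filesystem as nsfs_t with a single genfscon, so `fs_read_nsfs_files(init_t)` lets init_t open every kind of namespace inode, not only net ones. I would reword it to `# open namespace inodes (nsfs_t covers all namespace types, not just net)` so the next reader does not assume the access is net-only. The enclosing init_systemd ifdef block starts and ends outside the hunk.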