diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 943bcf01d..fc4a70be2 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -92,7 +92,7 @@ optional_policy(`
 
 # /proc kcore: inaccessible
 type proc_kcore_t, proc_type;
-neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~getattr;
+neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~{ getattr mounton };
 genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,mls_systemhigh)
 
 optional_policy(`