diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 5de421fc3..cdb854c6c 100644
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@@ -866,6 +866,7 @@ allow spc_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay
 allow spc_t self:netlink_generic_socket create_socket_perms;
 allow spc_t self:netlink_netfilter_socket create_socket_perms;
 allow spc_t self:netlink_xfrm_socket create_socket_perms;
+allow spc_t self:perf_event { cpu kernel open read };
 
 allow container_engine_system_domain spc_t:process { setsched signal_perms };