diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index 19ffa640f..51767f7f0 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -200,6 +200,25 @@ interface(`selinux_dontaudit_getattr_fs',`
dev_dontaudit_search_sysfs($1)
')
+########################################
+##
+## Get the attributes of the selinuxfs
+## directory.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`selinux_getattr_dirs',`
+ gen_require(`
+ type security_t;
+ ')
+
+ allow $1 security_t:dir getattr;
+')
+
########################################
##
## Do not audit attempts to get the
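Review bot: The parameter description in the new `selinux_getattr_dirs` interface reads "Domain to not audit.", but the interface emits an `allow` rule, not `dontaudit`, so the text was evidently copied from the `selinux_dontaudit_getattr_fs` block above and is now wrong. It should match the sibling `selinux_mounton_dirs` interface in the same patch, which says `## Domain allowed access.`; the interface documentation is what `sepolicy`/`segenxml` renders, so a mislabelled parameter is what policy authors will read. The summary could also be a little more precise about what is granted, e.g. `## Get the attributes of the selinuxfs top-level directory (security_t:dir getattr).`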
@@ -276,6 +295,24 @@ interface(`selinux_dontaudit_read_fs',`
dontaudit $1 security_t:file read_file_perms;
')
+########################################
+##
+## Mount on the selinuxfs directory.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`selinux_mounton_dirs',`
+ gen_require(`
+ type security_t;
+ ')
+
+ allow $1 security_t:dir mounton;
+')
+
########################################
##
## Allows the caller to get the mode of policy enforcement
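Review bot: The summary of `selinux_mounton_dirs` should state the security consequence of the permission it grants, because `security_t:dir mounton` lets the caller mount over /sys/fs/selinux and thereby hide or replace the selinuxfs view for every process in that mount namespace, which is presumably the point for container managers but is not something to hand out casually. A more informative summary would be `## Mount on the selinuxfs directory. This allows the caller to overmount /sys/fs/selinux (e.g. to hide it inside a container's mount namespace), so it should only be granted to domains that manage mount namespaces.` Keeping the permission in a dedicated interface rather than folding it into an existing `selinux_*` interface is the right call, since it keeps the grant visible to anyone auditing who can mask selinuxfs.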
diff --git a/policy/modules/services/podman.te b/policy/modules/services/podman.te
index 3d16e64d1..d929bb253 100644
--- a/policy/modules/services/podman.te
+++ b/policy/modules/services/podman.te
@@ -39,9 +39,9 @@ userdom_user_application_domain(podman_user_conmon_t, conmon_exec_t)
allow podman_t podman_conmon_t:process setsched;
-# podman creates OCI networking configs and will
-# remove them when running podman system reset
-container_manage_config_files(podman_t)
+# for --network=host
+selinux_getattr_dirs(podman_t)
+selinux_mounton_dirs(podman_t)
logging_send_syslog_msg(podman_t)
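Review bot: The comment `# for --network=host` says when the two new rules are needed but not why a mount on selinuxfs is involved, which is the non-obvious part for someone auditing why a container manager may overmount /sys/fs/selinux. Assuming the trigger is podman bind-mounting the host /sys and then masking /sys/fs/selinux inside the container when it cannot mount a fresh sysfs without its own network namespace, a comment such as `# with --network=host podman reuses the host /sys and masks /sys/fs/selinux inside the container, which needs getattr and mounton on the selinuxfs directory` would record that. If a user-facing podman domain exists alongside the `podman_user_conmon_t` seen at the top of this hunk and can also be run with --network=host, it will hit the same denials and likely needs the same two calls; the hunk only covers `podman_t`.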
@@ -51,6 +51,10 @@ userdom_list_user_home_content(podman_t)
userdom_relabel_generic_user_home_dirs(podman_t)
userdom_relabel_generic_user_home_files(podman_t)
+# podman creates OCI networking configs and will
+# remove them when running podman system reset
+container_manage_config_files(podman_t)
+
# when run by root, podman will fail to start if
# /root/.config/containers is not readable
container_config_home_filetrans(podman_t, dir)