diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if
index 8fd3832fb..43e1ac057 100644
--- a/policy/modules/services/container.if
+++ b/policy/modules/services/container.if
@@ -1073,6 +1073,26 @@ interface(`container_exec_plugins',`
can_exec($1, container_plugin_t)
')
+########################################
+##
+## Allow the specified domain to
+## search container config directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`container_search_config',`
+ gen_require(`
+ type container_config_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 container_config_t:dir search_dir_perms;
+')
+
########################################
##
## Allow the specified domain to
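Review bot: The summary of the new `container_search_config` interface should make explicit that it grants traversal only: the body allows `search_dir_perms` on container_config_t plus `files_search_etc($1)`, so a caller still cannot list or read the files under the container config directory and would need a separate read interface for that. That search-only scope is the right least-privilege grant for a generator that merely needs to reach a subdirectory, so I would keep it and say so in the doc, e.g. `## search (traverse) container config directories, presumably /etc/containers, without read access to the files inside them.` The interface itself is complete in this hunk, but container.fc is not part of the diff, so the exact paths carrying container_config_t cannot be confirmed from here.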
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 1c3025635..b7dba7fc8 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -19,6 +19,11 @@ ifdef(`distro_gentoo',`
#
/dev/initctl -p gen_context(system_u:object_r:initctl_t,s0)
+#
+# /etc
+#
+/etc/containers/systemd(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0)
+
#
# /usr
#
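Review bot: The new `/etc/containers/systemd(/.*)?` entry only takes effect if it is more specific than whatever rule container.fc already has for `/etc/containers` (presumably the one yielding container_config_t, given the search interface added in this series); setfiles chooses the entry with the longest literal prefix, so this should win, but confirm after the build with `matchpathcon /etc/containers/systemd/x.container`. Labeling the tree systemd_unit_t makes everything dropped there equivalent to a file under /usr/lib/systemd/system, which is the intended effect for unit definitions quadlet turns into units. A one-line comment on the entry would help, e.g. `# podman quadlet unit definitions (generated into systemd units)`.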
@@ -36,6 +41,7 @@ ifdef(`distro_gentoo',`
/usr/lib/systemd/user-preset(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0)
/usr/lib/systemd/ntp-units\.d -d gen_context(system_u:object_r:systemd_unit_t,s0)
/usr/lib/systemd/system(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0)
+/usr/share/containers/systemd(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0)
/run/systemd/transient(/.*)? gen_context(system_u:object_r:systemd_transient_unit_t,s0)
/usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
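Review bot: With this entry the labeled quadlet search locations are /etc/containers/systemd and /usr/share/containers/systemd; if the podman release being targeted also scans a runtime directory (I believe newer quadlet versions look under /run/containers/systemd as well, but please verify against the quadlet man page for the packaged version), that path is not covered and would keep the default /run label. The `/run/systemd/transient(/.*)?` entry on the next line shows how runtime-generated units are handled here, so a matching `/run/containers/systemd(/.*)?` entry would be the natural complement if that directory is in use.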
diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index 5a8572c0e..e9714bffc 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -21,6 +21,7 @@
/usr/lib/systemd/system-generators/.* -- gen_context(system_u:object_r:systemd_generator_exec_t,s0)
/usr/lib/systemd/user-environment-generators/.* -- gen_context(system_u:object_r:systemd_generator_exec_t,s0)
/usr/lib/systemd/user-generators/.* -- gen_context(system_u:object_r:systemd_generator_exec_t,s0)
+/usr/libexec/podman/quadlet -- gen_context(system_u:object_r:systemd_generator_exec_t,s0)
/usr/lib/systemd/systemd-activate -- gen_context(system_u:object_r:systemd_activate_exec_t,s0)
/usr/lib/systemd/systemd-backlight -- gen_context(system_u:object_r:systemd_backlight_exec_t,s0)
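Review bot: The `--` modifier restricts the new entry to the regular file at /usr/libexec/podman/quadlet, which is the correct object to label as systemd_generator_exec_t provided the generator names under `system-generators`/`user-generators` are symlinks to this binary (that is how Fedora packages it, as far as I know); execve follows the symlink, so the target's label drives the transition. Distributions that install the binary elsewhere (e.g. a `/usr/lib/podman/quadlet` layout) would not be covered and would need a second entry if refpolicy supports them. Style-wise the line sits between the generator-directory patterns and the systemd-* helpers, which is acceptable, but a short comment such as `# podman quadlet is run as a system and user generator` would help the next reader.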
@@ -49,6 +50,7 @@
/usr/lib/systemd/systemd-userwork -- gen_context(system_u:object_r:systemd_userdbd_exec_t,s0)
# Systemd unit files
+HOME_DIR/\.config/containers/systemd(/.*)? gen_context(system_u:object_r:systemd_conf_home_t,s0)
HOME_DIR/\.config/systemd(/.*)? gen_context(system_u:object_r:systemd_conf_home_t,s0)
HOME_DIR/\.local/share/systemd(/.*)? gen_context(system_u:object_r:systemd_data_home_t,s0)
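Review bot: The new `HOME_DIR/\.config/containers/systemd(/.*)?` entry covers the rootless quadlet units, but whichever domain runs the user-instance generator also has to traverse the parent `HOME_DIR/.config/containers`, which container.fc may label with a container-specific home type (container.fc is not in this diff, so I cannot tell); if it does, that domain needs a search interface for that type, analogous to the `container_search_config(systemd_generator_t)` call added for /etc in systemd.te. As with the /etc entry, confirm the longer literal prefix wins over any `HOME_DIR/\.config/containers(/.*)?` rule, e.g. `matchpathcon -n ~/.config/containers/systemd/x.container` once the policy is loaded.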
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 1859de79f..264c9ad81 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -478,7 +478,7 @@ seutil_search_default_contexts(systemd_coredump_t)
allow systemd_generator_t self:fifo_file rw_fifo_file_perms;
allow systemd_generator_t self:capability { dac_override sys_admin };
-allow systemd_generator_t self:process setfscreate;
+allow systemd_generator_t self:process { getsched setfscreate signal };
corecmd_exec_shell(systemd_generator_t)
corecmd_exec_bin(systemd_generator_t)
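Review bot: The added `getsched` and `signal` self permissions on systemd_generator_t carry no explanation, and because this domain is shared by every generator a later reader cannot tell which binary required them. They are presumably a consequence of quadlet being a Go program (the Go runtime queries scheduling and signals its own threads), but that is an inference; the rule should say what triggered it, e.g. `# getsched/signal: Go runtime in podman quadlet`. If these were collected from AVC denials, quoting the denied operations in the commit message would make the grant verifiable.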
@@ -546,6 +546,11 @@ optional_policy(`
cloudinit_getattr_state_files(systemd_generator_t)
')
+optional_policy(`
+ # for quadlet to access /etc/containers/systemd
+ container_search_config(systemd_generator_t)
+')
+
optional_policy(`
fstools_exec(systemd_generator_t)
')
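Review bot: The comment `# for quadlet to access /etc/containers/systemd` overstates what the call grants: container_search_config gives search on container_config_t directories, and in this same series /etc/containers/systemd itself is relabeled systemd_unit_t, so the rule only lets the generator traverse the parent /etc/containers; reading the unit files under it depends on systemd_generator_t's existing access to systemd_unit_t, which lies outside this hunk. Reword to `# quadlet: traverse /etc/containers (container_config_t) to reach /etc/containers/systemd (systemd_unit_t)`. Placing the block between the cloudinit and fstools blocks keeps the optional_policy ordering alphabetical, which matches the file's convention.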