diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 7d0ef43c..59bae6ad 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -2,3 +2,5 @@
 /dev/shm/.*		<<none>>
 
 /cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
+
+/sys/fs/cgroup(/.*)?	<<none>>
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index e3e17bad..437a42af 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',`
 	')
 
 	search_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -664,6 +665,7 @@ interface(`fs_list_cgroup_dirs', `
 	')
 
 	list_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -682,6 +684,7 @@ interface(`fs_delete_cgroup_dirs', `
 	')
 
 	delete_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -701,6 +704,7 @@ interface(`fs_manage_cgroup_dirs',`
 	')
 
 	manage_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -720,6 +724,7 @@ interface(`fs_read_cgroup_files',`
 	')
 
 	read_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -738,6 +743,7 @@ interface(`fs_write_cgroup_files', `
 	')
 
 	write_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -757,6 +763,7 @@ interface(`fs_rw_cgroup_files',`
 	')
 
 	rw_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -796,6 +803,7 @@ interface(`fs_manage_cgroup_files',`
 	')
 
 	manage_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################