diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 66b16e4e42..de00809c62 100644
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@@ -30,6 +30,13 @@ gen_tunable(container_manage_public_content, false)
 ## </desc>
 gen_tunable(container_read_public_content, false)
 
+## <desc>
+##	<p>
+##	Allow containers to read generic certs.
+##	</p>
+## </desc>
+gen_tunable(container_read_generic_certs, false)
+
 ## <desc>
 ##	<p>
 ##	Allow super privileged containers to create NFS servers.
@@ -405,6 +412,10 @@ tunable_policy(`container_read_public_content',`
 	miscfiles_watch_public_dirs(container_domain)
 ')
 
+tunable_policy(`container_read_generic_certs',`
+	miscfiles_read_generic_certs(container_domain)
+')
+
 tunable_policy(`container_use_dri',`
 	dev_rw_dri(container_domain)
 ')