diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 990063c..42d4e8d 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -542,6 +542,8 @@ template(`userdom_common_user_template',`
 	# Stat lost+found.
 	files_getattr_lost_found_dirs($1_t)
 
+	fs_rw_cgroup_files($1_t)
+
 	# cjp: some of this probably can be removed
 	selinux_get_fs_mount($1_t)
 	selinux_validate_context($1_t)
@@ -753,8 +755,10 @@ template(`userdom_login_user_template', `
 	fs_getattr_all_fs($1_t)
 	fs_getattr_all_dirs($1_t)
 	fs_search_auto_mountpoints($1_t)
+	fs_list_cgroup_dirs($1_t)
 	fs_list_inotifyfs($1_t)
 	fs_rw_anon_inodefs_files($1_t)
+	fs_dontaudit_rw_cgroup_files($1_t)
 
 	auth_dontaudit_write_login_records($1_t)