diff --git a/container.te b/container.te
index 84d2756..bff1917 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.227.0)
+policy_module(container, 2.228.0)
 gen_require(`
 class passwd rootok;
@@ -904,6 +904,7 @@ dontaudit container_domain self:dir { write add_name };
 allow container_domain self:file rw_file_perms;
 allow container_domain self:lnk_file read_file_perms;
 allow container_domain self:fifo_file create_fifo_file_perms;
+allow container_domain self:fifo_file watch;
 allow container_domain self:filesystem associate;
 allow container_domain self:key manage_key_perms;
 allow container_domain self:netlink_route_socket r_netlink_socket_perms;
diff --git a/rpm/container-selinux.spec b/rpm/container-selinux.spec
index 159c44c..7c819a8 100644
--- a/rpm/container-selinux.spec
+++ b/rpm/container-selinux.spec
@@ -71,6 +71,7 @@ sed -i 's/^install: man/install:/' Makefile
 sed -i 's/watch watch_reads//' container.if
 sed -i 's/watch watch_reads//' container.te
 sed -i '/sysfs_t:dir watch/d' container.te
+sed -i '/fifo_file watch/d' container.te
 %endif
 %if %{defined no_systemd_chat_resolved}
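Review bot: The new `allow container_domain self:fifo_file watch;` rule in container.te (hunk at line 904) has no comment saying what needs it or why it sits on its own line instead of being folded into the `create_fifo_file_perms` rule just above. The spec hunk in this commit removes it by text match with `sed -i '/fifo_file watch/d'`, so merging it into a permission set later would either leave the watch grant in place on builds that take that branch or delete the other fifo_file permissions along with it. I would add `# watch on the domain's own fifos; keep on a separate line, rpm/container-selinux.spec deletes it with sed` above the rule. The grant is limited to `self`, but it applies to every type carrying container_domain, so the comment should also name the workload that required it, which is not visible on this page.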
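Review bot: The added `sed -i '/fifo_file watch/d' container.te` in rpm/container-selinux.spec matches any line containing that text, not only the rule this commit adds. It follows the style of the `sysfs_t:dir watch` line above it, but a later rule for another type that grants `fifo_file watch` or `fifo_file watch_reads` would be dropped silently as well, and if the rule's wording changes the sed matches nothing without any build-time signal. Anchoring the pattern, `sed -i '/^allow container_domain self:fifo_file watch;$/d' container.te`, keeps the stripped policy equal to the shipped one minus exactly this rule. The enclosing `%if` opens outside the hunk, so which builds take this branch cannot be confirmed from here.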