diff --git a/kernel.te b/kernel.te
index 1faa9db80abb86ad3120f9ca7824ce255cd927b1..0de0ab894424c7d71b1b75953b103ab7593b28cb 100644
--- a/kernel.te
+++ b/kernel.te
@@ -11,6 +11,9 @@ unconfined_domain(kernel)
 # cgroup filesystem initialization prior to setting the cgroup root directory label.
 allow kernel unlabeled:dir search;
 
+# Mount usbfs.
+allow kernel usbfs:filesystem mount;
+
 # init direct restorecon calls prior to switching to init domain
 # /dev and /dev/socket
 allow kernel { device socket_device }:dir relabelto;