diff --git a/domain.te b/domain.te
index 4ecca7e0643ca17b35015130b6a31dc8473762e8..d02db11f9c118703e098d6cd8a0a01aaa63e35e2 100644
--- a/domain.te
+++ b/domain.te
@@ -115,6 +115,9 @@ allow domain proc:lnk_file { getattr read };
 # /proc/cpuinfo
 allow domain proc_cpuinfo:file r_file_perms;
 
+# jemalloc needs to read /proc/sys/vm/overcommit_memory
+allow domain proc_overcommit_memory:file r_file_perms;
+
 # toybox loads libselinux which stats /sys/fs/selinux/
 allow domain selinuxfs:dir search;
 allow domain selinuxfs:file getattr;
diff --git a/file.te b/file.te
index f30911aeaab237be774f3e2ac05b4ae6061656d4..cab2a5e6105ecfb1277fa51a000c17933f335cb1 100644
--- a/file.te
+++ b/file.te
@@ -6,8 +6,8 @@ type rootfs, fs_type;
 type proc, fs_type;
 # Security-sensitive proc nodes that should not be writable to most.
 type proc_security, fs_type;
-# Type for /proc/sys/vm/drop_caches
 type proc_drop_caches, fs_type;
+type proc_overcommit_memory, fs_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
 type usermodehelper, fs_type, sysfs_type;
 type qtaguid_proc, fs_type, mlstrustedobject;
diff --git a/genfs_contexts b/genfs_contexts
index d823476e7b9dd9184699934840bdaf17deb5dccf..891c686fbc64356837068fdf56a6facc30829fa9 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -23,6 +23,7 @@ genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
 genfscon proc /sys/net u:object_r:proc_net:s0
 genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
+genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0