diff --git a/container.te b/container.te
index 51fe0c4..70c895f 100644
--- a/container.te
+++ b/container.te
@@ -805,6 +805,7 @@ tunable_policy(`container_connect_any',`
 # spc local policy
 #
 allow spc_t { container_file_t container_var_lib_t container_ro_file_t container_runtime_tmpfs_t}:file entrypoint;
+allow spc_t self:process { execstack execmem };
 role system_r types spc_t;
 dontaudit spc_t self:memprotect mmap_zero;