diff --git a/container.te b/container.te
index d425e24..ae18c4b 100644
--- a/container.te
+++ b/container.te
@@ -1348,6 +1348,9 @@ allow container_domain init_t:unix_stream_socket { accept ioctl read getattr loc
 allow container_t proc_t:filesystem remount;
+# Allow containers to access shared runtime directories for OCI runtime optimizations
+allow container_t container_var_run_t:dir { read open };
 # Container kvm - Policy for running kata containers
 container_domain_template(container_kvm, container)
 typeattribute container_kvm_t container_net_domain, container_user_domain;
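Review bot: The new `allow container_t container_var_run_t:dir { read open };` lets every confined container list the runtime's state directories, which on a shared host exposes other containers' IDs and bundle names to an untrusted workload; the comment "for OCI runtime optimizations" does not say which runtime feature needs this or which path it reads, and that justification belongs in the comment before an unconditional cross-container grant is accepted. If the real need is only to traverse the directory to a specific file, `search` is narrower than `read open`; if listing is genuinely required, the file's conventional form is `allow container_t container_var_run_t:dir list_dir_perms;` (which also carries the `getattr`/`search` that a plain `read open` grant will presumably still deny with an AVC, so the rule as written may not even satisfy the use case). Consider gating the rule behind a tunable boolean rather than granting it to all of container_t unconditionally. Note this rule is added only for container_t; the container_kvm_t domain declared in the following lines does not receive it, which may or may not be intended.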