diff --git a/container.te b/container.te
index 9e368f9..ed2cb03 100644
--- a/container.te
+++ b/container.te
@@ -390,7 +390,10 @@ optional_policy(`
 ')
 
 optional_policy(`
-	iptables_domtrans(container_runtime_domain)
+	gen_require(`
+		role unconfined_r;
+	')
+	iptables_run(container_runtime_domain, unconfined_r)
 
 	container_read_pid_files(iptables_t)
 	container_read_state(iptables_t)