diff --git a/f42-server/Containerfile b/f42-server/Containerfile
index 47c9bd4..d3286d9 100644
--- a/f42-server/Containerfile
+++ b/f42-server/Containerfile
@@ -14,13 +14,20 @@ FROM quay.io/fedora/fedora-silverblue:42
 COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
-# Set up Synapse SELinux policy
+# Set up custom SELinux policies
 COPY synapse.te /tmp/synapse.te
+COPY benZfsSnapshotAutomount.te /tmp/benZfsSnapshotAutomount.te
 RUN checkmodule -M -m -o /tmp/synapse.mod /tmp/synapse.te \
  && semodule_package -o /tmp/synapse.pp -m /tmp/synapse.mod \
  && semodule -r synapse || true \
  && semodule -i /tmp/synapse.pp \
- && rm -f /tmp/synapse.{te,mod,pp}
+ && rm -f /tmp/synapse.{te,mod,pp} \
+ && checkmodule -M -m -o /tmp/benZfsSnapshotAutomount.mod /tmp/benZfsSnapshotAutomount.te \
+ && semodule_package -o /tmp/benZfsSnapshotAutomount.pp -m /tmp/benZfsSnapshotAutomount.mod \
+ && semodule -r benZfsSnapshotAutomount || true \
+ && semodule -i /tmp/benZfsSnapshotAutomount.pp \
+ && rm -f /tmp/benZfsSnapshotAutomount.{te,mod,pp}
+
 # Install ZFS repository
 RUN rpm-ostree install https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \
diff --git a/f42-server/benZfsSnapshotAutomount.te b/f42-server/benZfsSnapshotAutomount.te
new file mode 100644
index 0000000..632aef7
--- /dev/null
+++ b/f42-server/benZfsSnapshotAutomount.te
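Review bot: `semodule -r synapse || true` (and its benZfsSnapshotAutomount twin) on the RUN line is parsed as `(checkmodule … && semodule_package … && semodule -r synapse) || true`, since `&&` and `||` bind with equal precedence, so a failing checkmodule or semodule_package is swallowed and the build only dies at the following `semodule -i` with a misleading missing-file error. The fix is to parenthesize the best-effort removal, `&& (semodule -r synapse || true) \`, or, now that the identical six-step chain appears twice, to build both modules in one loop under `set -e` where the `|| true` is naturally scoped to the removal. The RUN that installs the ZFS repository continues past the end of the hunk.
```dockerfile
# Build and load each custom SELinux module; `semodule -r` is best-effort (module may not be loaded yet).
COPY synapse.te benZfsSnapshotAutomount.te /tmp/
RUN set -e; for m in synapse benZfsSnapshotAutomount; do \
      checkmodule -M -m -o /tmp/$m.mod /tmp/$m.te; \
      semodule_package -o /tmp/$m.pp -m /tmp/$m.mod; \
      semodule -r $m || true; \
      semodule -i /tmp/$m.pp; \
      rm -f /tmp/$m.{te,mod,pp}; \
    done
# … unchanged: ZFS repository install …
```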
@@ -0,0 +1,24 @@
+module benZfsSnapshotAutomount 1.1;
+
+require {
+ type container_file_t;
+ type device_t;
+ type fs_t;
+ type kernel_generic_helper_t;
+ type mount_exec_t;
+ type unlabeled_t;
+ class capability { setgid setuid sys_admin };
+ class chr_file { ioctl open read write };
+ class dir { mounton search };
+ class file { execute open read execute_no_trans map getattr };
+ class filesystem mount;
+}
+
+#============= kernel_generic_helper_t ==============
+allow kernel_generic_helper_t container_file_t:dir search;
+allow kernel_generic_helper_t device_t:chr_file { ioctl open read write };
+allow kernel_generic_helper_t fs_t:filesystem mount;
+allow kernel_generic_helper_t mount_exec_t:file { execute open read execute_no_trans map getattr };
+allow kernel_generic_helper_t self:capability { setgid setuid sys_admin };
+allow kernel_generic_helper_t unlabeled_t:dir { mounton search };
+
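Review bot: The `execute_no_trans` on mount_exec_t keeps the mount binary running inside kernel_generic_helper_t, which is why the module must also hand that domain `self:capability sys_admin`, `fs_t:filesystem mount` and `unlabeled_t:dir mounton`; if the loaded policy defines mount_t, a domain transition (`allow kernel_generic_helper_t mount_t:process transition;` with `type_transition kernel_generic_helper_t mount_exec_t:process mount_t;`) would leave those privileges in mount_t, where base policy presumably already grants them, instead of widening the usermodehelper domain for everything the kernel execs through it. `device_t:chr_file { ioctl open read write }` grants read/write to every device node carrying the generic label, not only the zfs control device this is presumably for, so the rule deserves a why-comment such as `# /dev/zfs carries the generic device_t label; this is rw to all device_t nodes, narrow if a dedicated type exists` and the audit denial it was derived from. The file has no header saying what it is for; a line above `module`, e.g. `# Lets the kernel usermodehelper mount ZFS snapshots (.zfs/snapshot) under container_file_t trees`, would let the next reviewer judge whether each allow is still needed.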