diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index e55bf337e3..de77c0f090 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -5529,6 +5529,24 @@ interface(`files_delete_usr_dirs',`
               delete_dirs_pattern($1, usr_t, usr_t)
')
+########################################
+## <summary>
+##      Dontaudit Manage /usr directories.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_dontaudit_manage_usr_dirs',`
+        gen_require(`
+                type usr_t;
+        ')
+
+        dontaudit $1 usr_t:dir manage_dir_perms;
+')
+
########################################
## <summary>
##          Watch generic directories in /usr.
diff --git a/policy/modules/services/docker.te b/policy/modules/services/docker.te
index a23c21c8f6..f40713d121 100644
--- a/policy/modules/services/docker.te
+++ b/policy/modules/services/docker.te
@@ -47,7 +47,7 @@ container_runtime_named_socket_activation(dockerd_t)
# docker fails to start if /proc/kallsyms is unreadable,
# but only when btrfs support is disabled
files_read_kernel_symbol_table(dockerd_t)
-files_dontaudit_write_usr_dirs(dockerd_t)
+files_dontaudit_manage_usr_dirs(dockerd_t)
 kernel_relabelfrom_unlabeled_dirs(dockerd_t)
# docker wants to load binfmt_misc