diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 0dd69c19e4..673e246382 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -87,6 +87,13 @@ gen_tunable(samba_share_fusefs, false)
 ## </desc>
 gen_tunable(samba_load_libgfapi, false)
 
+## <desc>
+## <p>
+## Allow smbd to load libcephfs proxy from ceph.
+## </p>
+## </desc>
+gen_tunable(samba_load_libcephfs_proxy, false)
+
 type nmbd_t;
 type nmbd_exec_t;
 init_daemon_domain(nmbd_t, nmbd_exec_t)
@@ -584,6 +591,13 @@ tunable_policy(`samba_load_libgfapi',`
     corenet_sendrecv_all_packets(smbd_t)
 ')
 
+optional_policy(`
+    tunable_policy(`samba_load_libcephfs_proxy',`
+        unconfined_stream_connect(smbd_t)
+        rw_sock_files_pattern(smbd_t, var_run_t, var_run_t)
+    ')
+')
+
 optional_policy(`
     avahi_dbus_chat(smbd_t)
 ')