diff --git a/scripts/selinux/nginx_agent.pp b/scripts/selinux/nginx_agent.pp
index 30f652faff..d241d86f3b 100644
Binary files a/scripts/selinux/nginx_agent.pp and b/scripts/selinux/nginx_agent.pp differ
diff --git a/scripts/selinux/nginx_agent.te b/scripts/selinux/nginx_agent.te
index a7faac2e4a..125ce13d28 100644
--- a/scripts/selinux/nginx_agent.te
+++ b/scripts/selinux/nginx_agent.te
@@ -65,6 +65,7 @@ require {
  type fixed_disk_device_t;
  type nvme_device_t;
  type udev_var_run_t;
+ type cgroup_t;
 }
 
 allow nginx_agent_t bin_t:file { execute execute_no_trans };
@@ -147,4 +148,8 @@ allow nginx_agent_t self:udp_socket { connect create getattr setopt };
 allow nginx_agent_t fixed_disk_device_t:blk_file getattr;
 allow nginx_agent_t nvme_device_t:blk_file getattr;
 allow nginx_agent_t udev_var_run_t:dir search;
-allow nginx_agent_t udev_var_run_t:file { getattr open read };
\ No newline at end of file
+allow nginx_agent_t udev_var_run_t:file { getattr open read };
+
+#============= nginx_agent_t ==============
+allow nginx_agent_t cgroup_t:dir search;
+allow nginx_agent_t cgroup_t:file { open read };
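Review bot: The new `allow nginx_agent_t cgroup_t:file { open read };` rule in the second hunk omits `getattr`, while the `udev_var_run_t:file` rule just above it grants `{ getattr open read }`. If the agent stats the cgroup files it reads, this will probably show up as another AVC denial, so check the audit log in enforcing mode and widen to `{ getattr open read }` only if a denial is actually logged. Keeping the grant read-only is the right scope, but the audit2allow-style banner does not say why the access is needed; a comment such as `# read-only access to cgroup files for resource metrics (confirm reason)` above the two rules would record that. The rebuilt `nginx_agent.pp` is binary and cannot be reviewed from this diff, so it is worth confirming it was compiled from exactly this `.te`, ideally by rebuilding it in CI.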