diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index f55ef226c1..b221e31094 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -176,6 +176,11 @@
execute_no_trans read write open entrypoint map getattr link unlink)))
+ ;; Remounting /gnu/store read-write.
+ (allow guix_daemon_t
+ fs_t
+ (filesystem (remount)))
+
;; TODO: unknown
(allow guix_daemon_t root_t
@@ -223,6 +228,9 @@
(allow guix_daemon_t tmpfs_t (file (create open read unlink write)))
+ (allow guix_daemon_t ;same as above, but with tmp_t
+ tmp_t
+ (file (create open read unlink write)))
(allow guix_daemon_t tmpfs_t (dir (getattr add_name remove_name write)))
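Review bot: The added `(allow guix_daemon_t fs_t (filesystem (remount)))` rule is broader than its comment `;; Remounting /gnu/store read-write.` suggests. The `filesystem` class is checked against the label of the mounted filesystem, and `fs_t` is the generic label that ordinary xattr-capable filesystems usually carry, so this appears to permit remounting any such filesystem, not only the one holding the store. If the store's filesystem cannot be given a narrower label, say so in the comment, e.g. `;; Needed to remount /gnu/store read-write; fs_t is the generic filesystem label, so SELinux does not limit this to the store.` The enclosing policy block starts and ends outside the hunk, so any constraint placed elsewhere is not visible here.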
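Review bot: The added `tmp_t` rule in the second hunk grants `create open read unlink write` on every file with the generic `tmp_t` label, which other domains normally share for their temporary files. The inline comment `;same as above, but with tmp_t` does not say which daemon operation needs it. Prefer giving the daemon's temporary files a daemon-private type through a type transition, or at least record the reason, e.g. `;; <operation> writes scratch files under a tmp_t directory` (placeholder for the author to fill in). Also, the neighbouring `tmpfs_t` file rule is followed by a `(dir (getattr add_name remove_name write))` rule, and no `tmp_t` counterpart is visible in this hunk. If none exists elsewhere in the file, `create` and `unlink` would still be denied at the directory.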