diff --git a/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.mod b/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.mod
new file mode 100644
index 0000000000..49ca37b8d4
Binary files /dev/null and b/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.mod differ
diff --git a/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.pp b/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.pp
new file mode 100644
index 0000000000..f4be1215e3
Binary files /dev/null and b/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.pp differ
diff --git a/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.te b/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.te
new file mode 100644
index 0000000000..1028deb976
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist_proxy/files/selinux/mirrorlist-logrotate.te
@@ -0,0 +1,12 @@
+module mirrorlist-logrotate 1.0;
+
+require {
+ type logrotate_t;
+ type svirt_sandbox_file_t;
+ class file { setattr create write };
+ class dir { write add_name remove_name };
+}
+
+#============= logrotate_t ==============
+allow logrotate_t svirt_sandbox_file_t:dir { add_name remove_name write };
+allow logrotate_t svirt_sandbox_file_t:file { setattr create write };
diff --git a/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml b/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml
index ebec1299ea..37c45a0e52 100644
--- a/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml
+++ b/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml
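Review bot: The file-class permissions in the last allow rule (`setattr create write`) cover creating and writing rotated logs but not the rename or unlink that logrotate's default (non-copytruncate) rotation performs, so unless the base policy already grants logrotate_t those permissions on svirt_sandbox_file_t the rotation is likely to be denied again at the rename step; re-collecting AVC denials after a full rotation cycle and adding the missing `file { rename unlink }` would close that gap. Both rules are also type-wide: they apply to every file and directory on the host labelled svirt_sandbox_file_t, not only the mirrorlist log directory, so the intent should be recorded in the header, e.g. `# logrotate needs write access to the mirrorlist container log volume, which is labelled svirt_sandbox_file_t; this grants it for all svirt_sandbox_file_t content on the host`. Since the compiled .pp and .mod are committed alongside and the playbook installs only the .pp, a comment noting that they must be rebuilt from this .te whenever it changes would keep the three from drifting.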
@@ -97,3 +97,24 @@
 cron_file=restart-mirrorlist-containers
 tags:
 - mirrorlist_proxy
+
+# Custom selinux policy to allow logrotate to rotate our mirrorlist logs
+- name: ensure a directory exists for our custom selinux module
+ file: dest=/usr/local/share/mirrorlist-logrotate state=directory
+ tags:
+ - selinux
+ - mirrorlist_proxy
+
+- name: copy over our custom selinux module
+ copy: src=selinux/mirrorlist-logrotate.pp dest=/usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp
+ register: selinux_module
+ tags:
+ - selinux
+ - mirrorlist_proxy
+
+- name: install our custom selinux module
+ command: semodule -i /usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp
+ when: selinux_module|changed
+ tags:
+ - selinux
+ - mirrorlist_proxy
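Review bot: The `semodule -i` task runs only when the copy task reports a change, so if the install fails on the first run, the module is later removed, or a host is rebuilt from a state where the .pp already exists, subsequent runs will never (re)install the policy and logrotate silently keeps failing. Gating the install on whether the module is actually loaded makes the play converge; `semodule -l` lists installed modules, and the check below is marked `changed_when: false` so it does not report spurious changes. The grep needs `shell` rather than `command` because of the pipe. Consider also giving the copied .pp an explicit `mode=0644` so its permissions do not depend on the controller's umask.
```yaml
- name: check whether our custom selinux module is already installed
  shell: semodule -l | grep -q '^mirrorlist-logrotate'
  register: selinux_module_installed
  changed_when: false
  failed_when: false
  tags:
    - selinux
    - mirrorlist_proxy

- name: install our custom selinux module
  command: semodule -i /usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp
  when: selinux_module|changed or selinux_module_installed.rc != 0
  tags:
    - selinux
    - mirrorlist_proxy
```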