container: label /run/user/*/crun as container_var_run_t

giuseppe · giuseppe · commit ae3532b16fea · 2025-09-11T15:40:45.000+02:00
Closes: #404 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
diff --git a/container.te b/container.te
@@ -322,6 +322,7 @@ manage_sock_files_pattern(container_runtime_domain, container_var_run_t, contain
 manage_lnk_files_pattern(container_runtime_domain, container_var_run_t, container_var_run_t)
 files_pid_filetrans(container_runtime_domain, container_var_run_t, { dir file lnk_file sock_file })
 files_tmp_filetrans(container_runtime_domain, container_var_run_t, { dir file lnk_file sock_file })
+userdom_user_tmp_filetrans(container_runtime_domain, container_var_run_t, { dir file lnk_file sock_file })
 allow container_runtime_domain container_var_run_t:dir_file_class_set relabelfrom;
 
 allow container_runtime_domain container_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
