+## Allow all container domains to read cert files and directories +##
+#### Determine whether sshd can launch container engines @@ -606,6 +613,10 @@ tunable_policy(`container_use_cephfs',` allow container_domain cephfs_t:file execmod; ') +tunable_policy(`container_read_certs',` + miscfiles_read_all_certs(container_domain) +') + gen_require(` type ecryptfs_t; ')