From 2750e78542a36bfffc97701183b839c8417e77aa Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 24 Jul 2020 06:06:27 -0400
Subject: [PATCH] Allow uncontined domains to transition to container domains

Signed-off-by: Daniel J Walsh
---
 container.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/container.te b/container.te
index 5b8b68d..bcf5afc 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.140.0)
+policy_module(container, 2.141.0)
 gen_require(`
 class passwd rootok;
 ')
@@ -544,7 +544,7 @@ optional_policy(`
 role_transition unconfined_r container_runtime_exec_t system_r;
 allow container_domain unconfined_t:fifo_file { rw_fifo_file_perms map };
 allow container_runtime_domain unconfined_t:fifo_file setattr;
- allow unconfined_t container_domain:process dyntransition;
+ allow unconfined_domain_type container_domain:process {transition dyntransition };
 allow unconfined_t unlabeled_t:key manage_key_perms;
 allow container_runtime_t unconfined_t:process transition;
 allow unconfined_t { container_var_lib_t container_ro_file_t }:file entrypoint;
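Review bot: The widened rule on the `+` line of the second hunk grants every domain carrying the `unconfined_domain_type` attribute both `transition` and `dyntransition` into every type in `container_domain`, while the neighbouring rules in the same hunk (the two `fifo_file` rules and the `unlabeled_t:key` rule) still name only `unconfined_t`, so the newly covered source domains get the label change without the companion access. `dyntransition` relabels a running process without an exec, so it keeps its memory and open descriptors; if the wider set only needs exec-based entry, split the rule into `allow unconfined_domain_type container_domain:process transition;` and `allow unconfined_t container_domain:process dyntransition;`. Either way, add a comment above the rule naming which unconfined domain required the change, and normalise the brace spacing to `{ transition dyntransition }` to match `{ rw_fifo_file_perms map }` two lines up. The enclosing `optional_policy` block starts and ends outside the hunk, so whether the execute and entrypoint rules an exec transition also needs are present for these sources cannot be confirmed from here.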