From 7efdd3d848ebe607d829f0112637b65e41e2e28a Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 11 Oct 2023 06:44:20 -0400
Subject: [PATCH] Allow container domains to execute container_runtime_tmpfs_t files
Fixes: https://github.com/containers/container-selinux/issues/274
Signed-off-by: Daniel J Walsh
---
 container.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/container.te b/container.te
index a05c516..59951cb 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.223.0)
+policy_module(container, 2.224.0)
 gen_require(`
 class passwd rootok;
@@ -954,6 +954,7 @@ fs_mount_tmpfs(container_domain)
 dontaudit container_domain container_runtime_tmpfs_t:dir read;
 allow container_domain container_runtime_tmpfs_t:dir mounton;
+can_exec(container_domain, container_runtime_tmpfs_t)
 allow container_domain self:key manage_key_perms;
 dontaudit container_domain container_domain:key search;
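Review bot: The new `can_exec(container_domain, container_runtime_tmpfs_t)` rule in the second hunk (`@@ -954,6 +954,7 @@`) has no comment, and it applies to every type carrying the container_domain attribute rather than to a single domain. can_exec grants execute and execute_no_trans on files of that type, so the executed code stays in the container's own domain; that is presumably the intent, but the reason is only recoverable from the issue linked in the commit message. I would add a line above the rule such as `# Let containers execute files the runtime places on tmpfs, see containers/container-selinux#274`. It is also worth confirming that no other rule lets container_domain write or create container_runtime_tmpfs_t files, since the visible context shows only the `dir read` dontaudit and the `dir mounton` allow for that type.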