From 61b862abec5bc33724d7853b095ab6268fc485b7 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 24 May 2021 10:02:35 -0400
Subject: [PATCH] Don't setup users for writing to pid_sockets
Signed-off-by: Daniel J Walsh
---
 container.if | 1 -
 container.te | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/container.if b/container.if
index f878ad2..773edc7 100644
--- a/container.if
+++ b/container.if
@@ -586,7 +586,6 @@ interface(`container_spc_stream_connect',`
 ')
 files_search_pids($1)
- files_write_all_pid_sockets($1)
 allow $1 spc_t:unix_stream_socket connectto;
 ')
diff --git a/container.te b/container.te
index 4433c3e..5cd29af 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.162.1)
+policy_module(container, 2.162.2)
 gen_require(`
 class passwd rootok;