From 965c7fb488ccec2c623d1b71e665f70c8ef3db11 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 23 Jul 2020 14:13:47 -0400
Subject: [PATCH] Allow cron jobs to run podman

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 container.te | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/container.te b/container.te
index ece14b4..5b8b68d 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.139.0)
+policy_module(container, 2.140.0)
 gen_require(`
 	class passwd rootok;
 ')
@@ -310,6 +310,10 @@ seutil_read_config(container_runtime_domain)
 sysnet_dns_name_resolve(container_runtime_domain)
 sysnet_exec_ifconfig(container_runtime_domain)
 
+optional_policy(`
+	cron_system_entry(container_runtime_t, container_runtime_exec_t)
+')
+
 optional_policy(`
 	ssh_use_ptys(container_runtime_domain)
 ')