From b383f07f547c3ae491edcd116133f79d6f50a6e7 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 24 Oct 2019 11:53:42 -0400
Subject: [PATCH] Allow containers to use leaked pipes from user domains

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 VERSION      | 2 +-
 container.te | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/VERSION b/VERSION
index 759c8b7..23fe2bf 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.118.0
+2.119.0
diff --git a/container.te b/container.te
index c9d9103..dc1bbe3 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.118.0)
+policy_module(container, 2.119.0)
 gen_require(`
 	class passwd rootok;
 ')
@@ -754,6 +754,7 @@ fs_dontaudit_getattr_all_files(container_domain)
 term_use_all_inherited_terms(container_domain)
 
 userdom_use_user_ptys(container_domain)
+userdom_rw_inherited_user_pipes(container_domain)
 
 domain_dontaudit_link_all_domains_keyrings(container_domain)
 domain_dontaudit_search_all_domains_keyrings(container_domain)