Fix el9 policy to resolve the conflict with newer container-selinux v…

…ersion (#45)

Signed-off-by: galal-hussein <[email protected]>

policy/centos9/k3s.fc

@@ -6,8 +6,8 @@
 /usr/s?bin/k3s                                                  --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/s?bin/k3s                                            --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /var/lib/rancher/k3s(/.*)?                                          gen_context(system_u:object_r:container_var_lib_t,s0)
-/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots           -d  gen_context(system_u:object_r:container_share_t,s0)
-/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]*     -d  gen_context(system_u:object_r:container_share_t,s0)
+/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots           -d  gen_context(system_u:object_r:container_file_t,s0)
+/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]*     -d  gen_context(system_u:object_r:container_file_t,s0)
 /var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]*/.*      <<none>>
 /var/lib/rancher/k3s/agent/containerd/[^/]*/sandboxes(/.*)?         gen_context(system_u:object_r:container_share_t,s0)
 /var/lib/rancher/k3s/data(/.*)?                                     gen_context(system_u:object_r:k3s_data_t,s0)

policy/centos9/k3s.te

@@ -33,7 +33,7 @@ filetrans_pattern(container_runtime_t, k3s_root_t, container_runtime_exec_t, fil
 filetrans_pattern(container_runtime_t, k3s_root_t, container_runtime_exec_t, file, "containerd-shim-runc-v2")
 filetrans_pattern(container_runtime_t, k3s_root_t, container_runtime_exec_t, file, "runc")
 filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "storage")
-filetrans_pattern(container_runtime_t, container_var_lib_t, container_share_t, dir, "snapshots")
+filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "snapshots")
 filetrans_pattern(container_runtime_t, var_lib_t, container_var_lib_t, dir, "kubelet")
 filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "pods")
 filetrans_pattern(container_runtime_t, var_log_t, container_log_t, dir, "containers")