From 10a7aa9286d22ffeeb3f89789b2152171fa8159e Mon Sep 17 00:00:00 2001
From: Hussein Galal
Date: Wed, 17 May 2023 19:29:19 +0300
Subject: [PATCH] Fix el9 policy to resolve the conflict with newer container-selinux version (#45)

Signed-off-by: galal-hussein
---
 policy/centos9/k3s.fc | 4 ++--
 policy/centos9/k3s.te | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/policy/centos9/k3s.fc b/policy/centos9/k3s.fc
index 3fb17cd..88d7612 100644
--- a/policy/centos9/k3s.fc
+++ b/policy/centos9/k3s.fc
@@ -6,8 +6,8 @@
 /usr/s?bin/k3s -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/s?bin/k3s -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /var/lib/rancher/k3s(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
-/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots -d gen_context(system_u:object_r:container_share_t,s0)
-/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]* -d gen_context(system_u:object_r:container_share_t,s0)
+/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots -d gen_context(system_u:object_r:container_file_t,s0)
+/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]* -d gen_context(system_u:object_r:container_file_t,s0)
 /var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]*/.* <>
 /var/lib/rancher/k3s/agent/containerd/[^/]*/sandboxes(/.*)? gen_context(system_u:object_r:container_share_t,s0)
 /var/lib/rancher/k3s/data(/.*)? gen_context(system_u:object_r:k3s_data_t,s0)
diff --git a/policy/centos9/k3s.te b/policy/centos9/k3s.te
index d5ccba3..fc25486 100644
--- a/policy/centos9/k3s.te
+++ b/policy/centos9/k3s.te
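Review bot: The two added k3s.fc lines move the snapshot directories from container_share_t, which container domains can only read, to container_file_t, which they can also write, and neither the file nor the commit message records which rule in the newer container-selinux this is reconciling with or why the wider label is the right one; the same applies to the filetrans_pattern changed in k3s.te. Because the `snapshots/[^/]*/.* <>` line is unchanged, only the directory inodes are relabeled and the snapshot contents stay unlabeled by this module, which keeps the .fc and the .te filetrans consistent, but that should be stated so the next bump of container-selinux does not silently diverge again. I would add above the first changed line `# snapshots dirs use container_file_t to match newer container-selinux; container_share_t conflicts with it (#45)` and note in k3s.te that the filetrans type must stay in step with k3s.fc. If the upstream rule actually uses a read-only type, keeping container_share_t and only dropping the conflicting pattern would be the smaller privilege change; that cannot be confirmed from the diff.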
@@ -33,7 +33,7 @@ filetrans_pattern(container_runtime_t, k3s_root_t, container_runtime_exec_t, fil
 filetrans_pattern(container_runtime_t, k3s_root_t, container_runtime_exec_t, file, "containerd-shim-runc-v2")
 filetrans_pattern(container_runtime_t, k3s_root_t, container_runtime_exec_t, file, "runc")
 filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "storage")
-filetrans_pattern(container_runtime_t, container_var_lib_t, container_share_t, dir, "snapshots")
+filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "snapshots")
 filetrans_pattern(container_runtime_t, var_lib_t, container_var_lib_t, dir, "kubelet")
 filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "pods")
 filetrans_pattern(container_runtime_t, var_log_t, container_log_t, dir, "containers")