From 79a0e9c0cc8786d45cf6194aad5f426f77bea530 Mon Sep 17 00:00:00 2001
From: Dave Sugar <dsugar100@gmail.com>
Date: Mon, 30 Sep 2024 21:38:20 -0400
Subject: [PATCH] Make mta optional in container policy

Don't need to have mta policy loaded when loading container policy.

Signed-off-by: Dave Sugar <dsugar100@gmail.com>
---
 policy/modules/services/container.te | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 8fcd88e1e6..1c88308369 100644
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@@ -391,8 +391,6 @@ miscfiles_dontaudit_setattr_fonts_cache_dirs(container_domain)
 miscfiles_read_fonts(container_domain)
 miscfiles_read_generic_certs(container_domain)
 
-mta_dontaudit_read_spool_symlinks(container_domain)
-
 container_rw_device_files(container_domain)
 container_use_container_ptys(container_domain)
 
@@ -456,6 +454,10 @@ optional_policy(`
 	kubernetes_watch_tmpfs_files(container_domain)
 ')
 
+optional_policy(`
+	mta_dontaudit_read_spool_symlinks(container_domain)
+')
+
 optional_policy(`
 	podman_rw_conmon_pipes(container_domain)
 	podman_use_conmon_fds(container_domain)