From 735aaf40e51097db34e70e98d9ad4372319231c5 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 13 Dec 2022 12:57:53 -0500
Subject: [PATCH] Allow syslogd_t to use tmpfs files created by container runtime

Signed-off-by: Daniel J Walsh
---
 container.te | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/container.te b/container.te
index 2113fa8..5166a10 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.193.0)
+policy_module(container, 2.194.0)

 gen_require(`
 class passwd rootok;
@@ -1377,3 +1377,12 @@ dev_rw_sysfs(container_device_plugin_init_t)
 manage_dirs_pattern(container_device_plugin_init_t, kubernetes_file_t, kubernetes_file_t)
 manage_files_pattern(container_device_plugin_init_t, kubernetes_file_t, kubernetes_file_t)
 manage_lnk_files_pattern(container_device_plugin_init_t, kubernetes_file_t, kubernetes_file_t)
+
+optional_policy(`
+ gen_require(`
+ type syslogd_t;
+ ')
+
+ allow syslogd_t container_runtime_tmpfs_t:file { read write };
+ logging_send_syslog_msg(container_runtime_t)
+')
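Review bot: The `allow syslogd_t container_runtime_tmpfs_t:file { read write };` rule added in the second hunk has no comment naming the denial it answers, so a later reader cannot tell why the log daemon needs write access to the runtime's tmpfs files. The rule leaves out `open`, which presumably limits it to descriptors that reach syslogd already open rather than files it opens by path. I would record that above the rule, e.g. `# fds on runtime tmpfs files reach syslogd/journald already open; deliberately no open perm`, so the grant is not widened later by accident. `logging_send_syslog_msg(container_runtime_t)` grants the opposite direction (runtime to syslog) and is not mentioned in the commit subject; if it is a separate fix, it deserves a line in the description.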