diff --git a/container.fc b/container.fc
index 7241ab3..f16a652 100644
--- a/container.fc
+++ b/container.fc
@@ -93,6 +93,7 @@
 /var/lib/buildkit/containerd-.*(/.*?) gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/ramalama(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
+HOME_DIR/\.local/share/containers/storage/artifacts(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
@@ -110,6 +111,7 @@ HOME_DIR/\.local/share/containers/storage/volumes/[^/]*/.* gen_context(system_u:
 /var/lib/containers/overlay2-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 /var/lib/containers/atomic(/.*)? <>
 /var/lib/containers/storage/volumes/[^/]*/.* gen_context(system_u:object_r:container_file_t,s0)
+/var/lib/containers/storage/artifacts(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 /var/lib/containers/storage/overlay(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 /var/lib/containers/storage/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
 /var/lib/containers/storage/overlay-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
diff --git a/container.if b/container.if
index 3914e0f..46466ae 100644
--- a/container.if
+++ b/container.if
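Review bot: Both new `artifacts(/.*)?` entries in container.fc (the `HOME_DIR` one in the hunk at -93 and the `/var/lib/containers/storage/artifacts` one in the hunk at -110) only take effect when files are relabelled or newly created, so an artifact store that already exists on an upgraded host presumably keeps its previous label until `restorecon -R` is run on it. Whether the package's upgrade path relabels these two paths is not visible in this diff and is worth confirming before release. The entries give the artifact store the same `container_ro_file_t` label at `s0` as the image-layer directories beside it, so a comment above each would record that this sharing is intended, for example `# OCI artifact store: same read-only label as image layers`.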
@@ -537,6 +537,7 @@ interface(`container_filetrans_named_content',`
 # workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/4/work)
 filetrans_pattern($1, container_var_lib_t, container_file_t, dir, "snapshots")
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "init")
+ filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "artifacts")
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "overlay")
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "overlay-images")
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "overlay-layers")
@@ -563,6 +564,7 @@ interface(`container_filetrans_named_content',`
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "containerd-soci")
 filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "ramalama")
+ filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "artifacts")
 filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay")
 filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay-images")
 filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay-layers")
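Review bot: The added `filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "artifacts")` in the second hunk keys on the directory name alone, so any directory called `artifacts` that a `$1` domain creates directly inside a `data_home_t` directory gets `container_ro_file_t`, not only the `.local/share/containers/storage/artifacts` path that container.fc pins. `artifacts` is a much more generic name than the neighbouring `overlay-layers` or `ramalama`, so an unrelated directory is more likely to pick up the label and then be flipped back by a later relabel; the same applies to the `container_var_lib_t` rule added in the first hunk. Which domains are granted this interface is outside the hunks, so the exposure should be checked at the call sites. At minimum I would put a comment above each new line such as `# name-only match; the full path is pinned in container.fc, keep both in sync`. The interface body starts and ends outside both hunks.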