From 251c530763a9ef789c79985e8536edb73d1f4857 Mon Sep 17 00:00:00 2001
From: Radim Hrazdil <rhrazdil@redhat.com>
Date: Tue, 15 Nov 2022 09:17:03 +0100
Subject: [PATCH] Allow containers to mount tmpfs_t file systems

Signed-off-by: Radim Hrazdil <rhrazdil@redhat.com>
---
 container.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/container.te b/container.te
index 3cbae7b..5a5d690 100644
--- a/container.te
+++ b/container.te
@@ -836,6 +836,7 @@ container_spc_stream_connect(container_domain)
 fs_dontaudit_remount_tmpfs(container_domain)
 dev_dontaudit_mounton_sysfs(container_domain)
 dev_dontaudit_mounton_sysfs(container_domain)
+allow container_t tmpfs_t:filesystem { mount };
 
 dontaudit container_domain container_runtime_tmpfs_t:dir read;
 allow container_domain container_runtime_tmpfs_t:dir mounton;