From a1a96a2e52b2ff17cf76f15158c1b40b75738957 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 30 May 2023 14:28:51 -0400
Subject: [PATCH] Fix spc_t transitions from container_runtime_domain
Signed-off-by: Daniel J Walsh
---
 container.te | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/container.te b/container.te
index 75eb003..81a1675 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.215.0)
+policy_module(container, 2.216.0)
 gen_require(`
 class passwd rootok;
@@ -722,7 +722,8 @@ domtrans_pattern(container_runtime_domain, container_var_lib_t, spc_t)
 domtrans_pattern(container_runtime_domain, fusefs_t, spc_t)
 fs_tmpfs_filetrans(spc_t, container_file_t, { dir file lnk_file })
-allow container_runtime_domain spc_t:process2 nnp_transition;
+allow container_runtime_domain spc_t:process2 { nnp_transition nosuid_transition };
+
 admin_pattern(spc_t, kubernetes_file_t)
 allow spc_t container_runtime_domain:fifo_file manage_fifo_file_perms;
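Review bot: The widened rule `allow container_runtime_domain spc_t:process2 { nnp_transition nosuid_transition };` carries no comment explaining why `nosuid_transition` is needed, and the commit message only says "Fix spc_t transitions". The hunk context shows `domtrans_pattern` rules into spc_t for files labelled `container_var_lib_t` and `fusefs_t`, so the new permission presumably lets every type carrying the `container_runtime_domain` attribute complete that transition from a nosuid mount, which the old rule would not have permitted. I would add a comment above the rule, for example `# nosuid_transition: entrypoints may live on nosuid-mounted storage; without it the transition to spc_t is denied`, reworded to match the denial that actually motivated the change. It is also worth confirming that the whole attribute needs the grant rather than only the runtime types that hit the denial, since spc_t is the privileged-container domain and this rule widens the set of conditions under which it can be entered.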