From 86701b3fe2630443240423ff59ed39c71e800ac4 Mon Sep 17 00:00:00 2001
From: Talor Itzhak
Date: Mon, 16 Dec 2024 17:15:25 +0200
Subject: [PATCH] Revert "selinux: add kubelet_var_lib_t permissions"

This reverts commit 12718ed5c8ea8647588b28104c371a0096759663.
---
 pkg/assets/selinux/policy/ocp_v4.16.cil | 1 -
 pkg/assets/selinux/policy/ocp_v4.17.cil | 1 -
 2 files changed, 2 deletions(-)

diff --git a/pkg/assets/selinux/policy/ocp_v4.16.cil b/pkg/assets/selinux/policy/ocp_v4.16.cil
index 2913ef3f..99985d2f 100644
--- a/pkg/assets/selinux/policy/ocp_v4.16.cil
+++ b/pkg/assets/selinux/policy/ocp_v4.16.cil
@@ -20,6 +20,5 @@
 ;
 ; Allow to RTE pod connect, read and write permissions to /var/lib/kubelet/pod-resource/kubelet.sock
 (allow process container_var_lib_t (sock_file (open getattr read write ioctl lock append)))
- (allow process kubelet_var_lib_t (sock_file (open getattr read write ioctl lock append)))
 (allow process kubelet_t (unix_stream_socket (connectto)))
 )
diff --git a/pkg/assets/selinux/policy/ocp_v4.17.cil b/pkg/assets/selinux/policy/ocp_v4.17.cil
index 2913ef3f..99985d2f 100644
--- a/pkg/assets/selinux/policy/ocp_v4.17.cil
+++ b/pkg/assets/selinux/policy/ocp_v4.17.cil
@@ -20,6 +20,5 @@
 ;
 ; Allow to RTE pod connect, read and write permissions to /var/lib/kubelet/pod-resource/kubelet.sock
 (allow process container_var_lib_t (sock_file (open getattr read write ioctl lock append)))
- (allow process kubelet_var_lib_t (sock_file (open getattr read write ioctl lock append)))
 (allow process kubelet_t (unix_stream_socket (connectto)))
 )