diff --git a/pkg/assets/selinux/policy/ocp_v4.16.cil b/pkg/assets/selinux/policy/ocp_v4.16.cil
index 99985d2f..2913ef3f 100644
--- a/pkg/assets/selinux/policy/ocp_v4.16.cil
+++ b/pkg/assets/selinux/policy/ocp_v4.16.cil
@@ -20,5 +20,6 @@
 ;
 ; Allow to RTE pod connect, read and write permissions to /var/lib/kubelet/pod-resource/kubelet.sock
 (allow process container_var_lib_t (sock_file (open getattr read write ioctl lock append)))
+ (allow process kubelet_var_lib_t (sock_file (open getattr read write ioctl lock append)))
 (allow process kubelet_t (unix_stream_socket (connectto)))
 )
diff --git a/pkg/assets/selinux/policy/ocp_v4.17.cil b/pkg/assets/selinux/policy/ocp_v4.17.cil
index 99985d2f..2913ef3f 100644
--- a/pkg/assets/selinux/policy/ocp_v4.17.cil
+++ b/pkg/assets/selinux/policy/ocp_v4.17.cil
@@ -20,5 +20,6 @@
 ;
 ; Allow to RTE pod connect, read and write permissions to /var/lib/kubelet/pod-resource/kubelet.sock
 (allow process container_var_lib_t (sock_file (open getattr read write ioctl lock append)))
+ (allow process kubelet_var_lib_t (sock_file (open getattr read write ioctl lock append)))
 (allow process kubelet_t (unix_stream_socket (connectto)))
 )
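Review bot: The added `kubelet_var_lib_t` rule in the ocp_v4.16.cil hunk (and the identical line in ocp_v4.17.cil) is scoped by type, not by path, so it covers every `sock_file` carrying that label, while the comment above it names only the pod-resources socket. Combined with the existing `connectto` on `kubelet_t`, this presumably lets the RTE pod reach any other kubelet-owned socket with the same label, so it is worth checking which sockets under /var/lib/kubelet carry it on the target nodes. The comment also does not say why both `container_var_lib_t` and `kubelet_var_lib_t` are needed; if the reason is that the socket's label differs between node images, a line such as `; kubelet.sock is labelled kubelet_var_lib_t on newer nodes, container_var_lib_t on older ones` would record it. The permission list copies the existing rule, and `read`, `ioctl` and `lock` look like more than a client that only connects needs, so `(allow process kubelet_var_lib_t (sock_file (open getattr write append)))` may be enough if testing confirms it. The enclosing block starts outside both hunks.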