diff --git a/roles/podman/files/podman-certs.pp b/roles/podman/files/podman-certs.pp
index 22ae496..3f4a3ac 100644
Binary files a/roles/podman/files/podman-certs.pp and b/roles/podman/files/podman-certs.pp differ
diff --git a/roles/podman/files/podman-certs.te b/roles/podman/files/podman-certs.te
index b38eb47..75ae43c 100644
--- a/roles/podman/files/podman-certs.te
+++ b/roles/podman/files/podman-certs.te
@@ -4,9 +4,8 @@ module podman-certs 1.0;
 require {
 type cert_t;
 type container_t;
- class file { open read };
+ class file { getattr open read };
 }
 
 #============= container_t ==============
-allow container_t cert_t:file read;
-allow container_t cert_t:file open;
+allow container_t cert_t:file { getattr open read };
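Review bot: The merged rule `allow container_t cert_t:file { getattr open read };` covers every process running as container_t and every file labelled cert_t, and nothing in the .te records which workload or denial it exists for. I would add a comment above the rule, for example `# <workload placeholder> stats and reads the host CA bundle mounted into the container; AVC reference: <placeholder>`, so the next reader can tell whether the grant is still needed. If the host policy also labels private key files cert_t (plausible on stock policies, but worth confirming on the target hosts), a dedicated type for the mounted certificates would keep key material out of reach of unrelated containers. The accompanying podman-certs.pp is a binary that cannot be reviewed in this diff, so compiling it from this .te at deploy time would keep the installed module in step with the reviewed source.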