podman: Allow containers to read system certificates

2022-07-09 16:09:00 +00:00 · 2022-07-09 16:09:00 +00:00 · 613beb7ddf
commit 613beb7ddf
parent 7349c688c5
3 changed files with 37 additions and 0 deletions
--- a/roles/podman/files/podman-certs.pp
+++ b/roles/podman/files/podman-certs.pp
--- a/roles/podman/files/podman-certs.te
+++ b/roles/podman/files/podman-certs.te
@ -0,0 +1,12 @@
+
+module podman-certs 1.0;
+
+require {
+	type cert_t;
+	type container_t;
+	class file { open read };
+}
+
+#============= container_t ==============
+allow container_t cert_t:file read;
+allow container_t cert_t:file open;