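# SELinux policy module: lets processes in the container_t domain read
# files labelled cert_t. Only getattr, open and read are granted.
#
# Scope: the rule is domain-wide. Every process running as container_t gains
# this access, not only the container whose denial prompted the module.
# NOTE(review): cert_t typically labels the host certificate store; confirm
# that no private-key files on the target host carry this label before
# loading the module, since they would become readable from containers too.
module podman-certs 1.0;

# Types and permissions this module refers to; they must already be defined
# by the loaded base policy.
require {
	type cert_t;
	type container_t;
	class file { getattr open read };
}

#============= container_t ==============
# The rule sits on its own line: when it shares a line with the banner
# comment above, the '#' turns it into a comment and nothing is granted.
# Read-only access; no write, create or unlink permission is given.
allow container_t cert_t:file { getattr open read };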