# Local SELinux policy module "podman-certs", version 1.0.
# Lets processes in the container_t domain open and read files labelled cert_t.
#
# NOTE(review): the rule is keyed on types, not on paths or on one container,
# so it applies to every process running as container_t and to every file
# labelled cert_t. On many distributions cert_t also covers private-key
# directories (for example under /etc/pki) -- confirm with
# `semanage fcontext -l` and `ls -Z` what is actually exposed before loading,
# and prefer a narrower custom type for just the files the container needs
# if the labelled set is broader than intended.
module podman-certs 1.0;

# Types and permissions referenced below must already exist in the loaded policy.
require {
	type cert_t;
	type container_t;
	class file { open read };
}

#============= container_t ==============
# Read-only file access: no write, create or directory permissions are granted here.
allow container_t cert_t:file { open read };