KVM Container need to use tunnel sockets created by runtime.

Signed-off-by: Daniel J Walsh <[email protected]>

Author: rhatdan

container.te

@@ -1,4 +1,4 @@
-policy_module(container, 2.150.0)
+policy_module(container, 2.151.0)
 gen_require(`
 	class passwd rootok;
 ')
@@ -1148,6 +1148,8 @@ allow container_kvm_t container_runtime_t:unix_stream_socket rw_stream_socket_pe
 
 container_stream_connect(container_kvm_t)
 
+allow container_kvm_t container_runtime_t:tun_socket attach_queue;
+
 dev_rw_inherited_vhost(container_kvm_t)
 dev_rw_vfio_dev(container_kvm_t)