Readd missing container policy

Signed-off-by: Daniel J Walsh <[email protected]>

Author: rhatdan

container.if

@@ -887,6 +887,35 @@ template(`container_domain_template',`
 	type $1_t, container_domain;
 	domain_type($1_t)
 	domain_user_exemption_target($1_t)
+
+	container_manage_files_template($1, $2)
+')
+
+
+########################################
+## <summary>
+##	Manage container files template
+## </summary>
+## <param name="prefix">
+##	<summary>
+##	Prefix for the domain.
+##	</summary>
+## </param>
+## <param name="prefix">
+##	<summary>
+##	Prefix for the file type.
+##	</summary>
+## </param>
+#
+template(`container_manage_files_template',`
+	gen_require(`
+		attribute container_domain;
+		type container_runtime_t;
+		type container_var_lib_t;
+		type container_ro_file_t;
+	')
+
+
 	mls_rangetrans_target($1_t)
 	mcs_constrained($1_t)
 	role system_r types $1_t;

container.te

@@ -1,4 +1,4 @@
-policy_module(container, 2.195.0)
+policy_module(container, 2.196.1)
 
 gen_require(`
 	class passwd rootok;
@@ -779,6 +779,8 @@ gen_require(`
 	type container_t;
 	type container_file_t;
 ')
+container_manage_files_template(container, container)
+
 typeattribute container_file_t container_file_type;
 typeattribute container_t container_domain, container_net_domain, container_user_domain;
 allow container_user_domain self:process getattr;
@@ -1092,8 +1094,6 @@ fs_relabelfrom_tmpfs(container_userns_t)
 fs_remount_cgroup(container_userns_t)
 
 kernel_mount_proc(container_userns_t)
-kernel_mount_proc(container_userns_t)
-kernel_mounton_proc(container_userns_t)
 kernel_mounton_proc(container_userns_t)
 
 term_use_generic_ptys(container_userns_t)