Add proper labeling for RamaLama

Signed-off-by: Daniel J Walsh <[email protected]>

Author: rhatdan

container.fc

@@ -92,6 +92,7 @@
 # Unlike the runc-<SNAPSHOTTER> directory, this directory does not contain the "executor" directory inside it.
 /var/lib/buildkit/containerd-.*(/.*?)	gen_context(system_u:object_r:container_ro_file_t,s0)
 
+HOME_DIR/\.local/share/ramalama(/.*)?		 gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay(/.*)?	 gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay2(/.*)?	 gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay-layers(/.*)?	 gen_context(system_u:object_r:container_ro_file_t,s0)

container.if

@@ -562,6 +562,7 @@ interface(`container_filetrans_named_content',`
     # Third-party snapshotters
     filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "containerd-soci")
 
+    filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "ramalama")
     filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay")
     filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay-images")
     filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay-layers")

container.te

@@ -1,4 +1,4 @@
-policy_module(container, 2.234.0)
+policy_module(container, 2.234.1)
 
 gen_require(`
 	class passwd rootok;