From cc5da8a99d1bbc5c752b82e07f4634ffc6e1ca32 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 11 Sep 2024 09:52:09 -0400
Subject: [PATCH] Allow container_device_plugin_t to use the network (#325)

Signed-off-by: Daniel J Walsh
---
 container.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/container.te b/container.te
index 8058bff..989a026 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.232.1)
+policy_module(container, 2.233.0)

 gen_require(`
 class passwd rootok;
@@ -1516,6 +1516,7 @@ allow container_device_t device_node:chr_file rw_chr_file_perms;
 # Standard container which needs to be allowed to use any device and
 # communicate with kubelet
 container_domain_template(container_device_plugin, container)
+typeattribute container_device_plugin_t container_net_domain;
 allow container_device_plugin_t device_node:chr_file rw_chr_file_perms;
 dev_rw_sysfs(container_device_plugin_t)
 kernel_read_debugfs(container_device_plugin_t)
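Review bot: The added `typeattribute container_device_plugin_t container_net_domain;` hands every network rule attached to `container_net_domain` to a type that already has `rw_chr_file_perms` on all `device_node` character devices plus read/write sysfs. Those attribute rules are defined outside this hunk, and are presumably the same broad set ordinary networked containers receive. Combining raw device access with network reachability widens what a compromised device plugin can reach, so it is worth confirming whether the plugin needs the whole attribute or only specific socket classes that could be granted with direct `allow` rules on this type. The comment above the template still names only devices and kubelet; I would extend it to something like `# communicate with kubelet, and use the network (see #325 for the plugin that requires it)` so the rationale sits next to the grant.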