diff --git a/roles/rke2/selinux/my-openstack.te b/roles/rke2/selinux/my-openstack.te
index 611d1ef77c7033b6607db7d6cf67f7a984d4dbb4..0b45d048e31c1db49a1b3357438e6deb90da31d1 100644
--- a/roles/rke2/selinux/my-openstack.te
+++ b/roles/rke2/selinux/my-openstack.te
@@ -8,5 +8,3 @@ require {
 
 #============= container_t ==============
 allow container_t cert_t:dir read;
-allow container_t cert_t:file { open read };
-allow container_t cert_t:lnk_file read;
\ No newline at end of file