From 6e1e5b54823306df278417d99fb985db3d99b58c Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 29 Jun 2022 17:32:33 +0200
Subject: [PATCH] adding more explicit exceptions for openstackccm, cause it
 can apparently still not do everything it needs

---
 roles/rke2/selinux/my-openstack.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/rke2/selinux/my-openstack.te b/roles/rke2/selinux/my-openstack.te
index a672db8..611d1ef 100644
--- a/roles/rke2/selinux/my-openstack.te
+++ b/roles/rke2/selinux/my-openstack.te
@@ -7,4 +7,6 @@ require {
 }
 
 #============= container_t ==============
-allow container_t cert_t:dir read;
\ No newline at end of file
+allow container_t cert_t:dir read;
+allow container_t cert_t:file { open read };
+allow container_t cert_t:lnk_file read;
\ No newline at end of file
-- 
GitLab