#============= rke2_service_t ==============
allow rke2_service_t container_var_lib_t:file watch;