From 91da5e861ba3cd815ae1ba5dd3ba321044957df4 Mon Sep 17 00:00:00 2001
From: Kenton Groombridge
Date: Thu, 31 Mar 2022 14:18:55 -0400
Subject: [PATCH] podman: allow system podman to interact with container transient units

Signed-off-by: Kenton Groombridge
---
 policy/modules/services/podman.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/services/podman.te b/policy/modules/services/podman.te
index 5df45d32d..316db505d 100644
--- a/policy/modules/services/podman.te
+++ b/policy/modules/services/podman.te
@@ -66,6 +66,10 @@ ifdef(`init_systemd',`
 init_start_system(podman_t)
 init_stop_system(podman_t)
 
+ # containers get created as systemd transient units
+ init_get_transient_units_status(podman_t)
+ init_start_transient_units(podman_t)
+
 # podman can read logs from containers which are
 # sent to the system journal
 logging_search_logs(podman_t)
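Review bot: The added comment should state the scope of the grant, because `init_get_transient_units_status(podman_t)` and `init_start_transient_units(podman_t)` take only the source domain and so presumably apply to every systemd transient unit, not just the ones podman creates for containers. The interface definitions are not visible here, so confirm this against init.if. I would extend the comment to something like `# containers get created as systemd transient units; note this is not limited to container units, transient units are not distinguished by creator`. The hunk also grants start and status but no stop on transient units, while the context lines just above pair `init_start_system` with `init_stop_system`; if that asymmetry is deliberate least privilege, a short why-comment would keep a later change from "completing" the pair. The enclosing `ifdef(`init_systemd',` block opens before this hunk and continues past it.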