container: fixes for podman run --log-driver=passthrough

The --log-driver=passthrough argument is used by default for units
generated by quadlet. Without this access, containers started through
systemd in this way will not be able to send logs to the journal.

Signed-off-by: Kenton Groombridge <me@concord.sh>

policy/modules/services/container.te

@@ -304,6 +304,9 @@ clock_read_adjtime(container_domain)
 
 init_read_utmp(container_domain)
 init_dontaudit_write_utmp(container_domain)
+# for podman run --log-driver=passthrough
+init_rw_stream_sockets(container_domain)
+init_use_fds(container_domain)
 
 libs_dontaudit_setattr_lib_files(container_domain)