container: fixes for podman 4.4.0

podman now creates a lock file in /run/containers and will fail to run
if this is not allowed.

Signed-off-by: Kenton Groombridge <me@concord.sh>

policy/modules/services/container.te

@@ -162,6 +162,9 @@ type container_engine_tmpfs_t;
 files_tmpfs_file(container_engine_tmpfs_t)
 container_mountpoint(container_engine_tmpfs_t)
 
+type container_engine_lock_t;
+files_lock_file(container_engine_lock_t)
+
 type container_runtime_t;
 files_runtime_file(container_runtime_t)
 container_mountpoint(container_runtime_t)
@@ -631,6 +634,10 @@ allow container_engine_domain container_engine_tmpfs_t:lnk_file { manage_lnk_fil
 allow container_engine_domain container_engine_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
 fs_tmpfs_filetrans(container_engine_domain, container_engine_tmpfs_t, { dir file })
 
+manage_dirs_pattern(container_engine_domain, container_engine_lock_t, container_engine_lock_t)
+manage_files_pattern(container_engine_domain, container_engine_lock_t, container_engine_lock_t)
+files_lock_filetrans(container_engine_domain, container_engine_lock_t, { dir file })
+
 allow container_engine_domain container_file_t:dir { manage_dir_perms relabel_dir_perms };
 allow container_engine_domain container_file_t:file { manage_file_perms relabel_file_perms exec_file_perms };
 allow container_engine_domain container_file_t:blk_file { manage_blk_file_perms relabel_blk_file_perms };