From 1305fd7be104735fa3e1bbb8e517c886957a38a3 Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <concord@gentoo.org>
Date: Sat, 10 Feb 2024 21:10:38 -0500
Subject: [PATCH] container: add filecons for rook-ceph

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
---
 policy/modules/services/container.fc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/services/container.fc b/policy/modules/services/container.fc
index 9871812de..f98e68ba0 100644
--- a/policy/modules/services/container.fc
+++ b/policy/modules/services/container.fc
@@ -103,6 +103,9 @@ HOME_DIR/\.docker(/.*)?		gen_context(system_u:object_r:container_conf_home_t,s0)
 /var/lib/etcd(/.*)?             gen_context(system_u:object_r:container_file_t,s0)
 /var/lib/kube-proxy(/.*)?		gen_context(system_u:object_r:container_file_t,s0)
 
+/var/lib/rook(/.*)?		gen_context(system_u:object_r:container_file_t,s0)
+/var/lib/rook/rook-ceph/[^/]+/[^/]+/block	-b	gen_context(system_u:object_r:container_device_t,s0)
+
 /var/local-path-provisioner(/.*)?		gen_context(system_u:object_r:container_file_t,s0)
 
 /var/log/containerd(/.*)?		gen_context(system_u:object_r:container_log_t,s0)