From 01d731326316e931aa6f6c77d80767f5d1387307 Mon Sep 17 00:00:00 2001
From: Cathy Hu <cathy.hu@suse.com>
Date: Thu, 11 Apr 2024 12:34:26 +0200
Subject: [PATCH] Move /var/run fc entries to /run

/var/run is a symlink to /run in microos.

Currently the selinux-policy package has a rule for file contexts
from /run/<file> to use the same file context specified in /var/run/<file>.

The upcoming main selinux-policy package update will change the direction
of that "forwarding", so /var/run will follow the rules in /run.
This way, the file context entries will match the actual filesystem path.

All existing file context entries in custom modules
based on the /var/run path need to change to /run, otherwise there is no rule
for /var/run entries to "be forwarded to" in /run.

Signed-off-by: Cathy Hu <cathy.hu@suse.com>
---
 policy/microos/k3s.fc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/microos/k3s.fc b/policy/microos/k3s.fc
index 30e5da7..35b9647 100644
--- a/policy/microos/k3s.fc
+++ b/policy/microos/k3s.fc
@@ -23,5 +23,5 @@
 /var/lib/rancher/k3s/data/[^/]*/bin/runc                        --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /var/lib/rancher/k3s/data/[^/]*/etc(/.*)?                           gen_context(system_u:object_r:container_config_t,s0)
 /var/lib/rancher/k3s/storage(/.*)?                                  gen_context(system_u:object_r:container_file_t,s0)
-/var/run/k3s(/.*)?                                                  gen_context(system_u:object_r:container_var_run_t,s0)
-/var/run/k3s/containerd/[^/]*/sandboxes/[^/]*/shm(/.*)?             gen_context(system_u:object_r:container_runtime_tmpfs_t,s0)
+/run/k3s(/.*)?                                                      gen_context(system_u:object_r:container_var_run_t,s0)
+/run/k3s/containerd/[^/]*/sandboxes/[^/]*/shm(/.*)?                 gen_context(system_u:object_r:container_runtime_tmpfs_t,s0)