Allow container domains to read/write kvm_device_t

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Update kublet mappings to inlcude /usr/local/*

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Allow container domains to use container runtime tcp and udp sockets

Systemd socket activated containers are leaking tcp and udp sockets
into containers so that the container can handle the connections.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Alow containers to use unix_stream_sockets leaked from container runt…

…imes

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Allow userdomains to execute conmon_exec_t and use it as an entrypoint

This is useful for container engines that are not labeled as
container_runtime_exec_t.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Allow conmon_exec_t as an entrypoint

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Add boolean to allow containers to use any device

In rootless containers we can not create device nodes to allow the
containers to use devices that are volume mounted into them.

This boolean will allow all confined containers to use any device that
gets assigned to a rootless container.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Bump to v2.174.0

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Update package for new file context

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Bump version to handle fixes in interface

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>