udica/tests/test_stream_connect.podman.cil

(block my_container
    (blockinherit container)
    (allow process network_container.process ( unix_stream_socket ( connectto ))) 
    (allow process network_container.socket ( sock_file ( getattr write open append ))) 
    (allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot ))) 

)