mirror of https://github.com/containers/udica synced 2026-03-14 19:55:45 +01:00
udica/tests/test_nocontext.podman.cil
Lukas Vrabec f436537ba8 Enable udica to generate policies with fifo class
Udica generates SELinux security allow rules only for files, dirs and
sockets. The following commit also adds FIFO files.

The change also required modifying the existing unit tests.

Fixes: #85
2021-08-25 12:12:22 +02:00


(block my_container
(blockinherit container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
(allow process user_tmp_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_tmp_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_tmp_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_tmp_t ( sock_file ( append getattr open read write )))
)
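As an added example (not code from the udica repository), the Python below parses a generated CIL block such as the fixture above into its allow rules and reports any object context that received file rules but no fifo_file rule, which is the class this commit's output now includes. The policy text is a constructed copy of the fixture, and the function names are this example's own.

```python
"""Check a udica-generated CIL block for fifo_file allow rules."""
import re

# Constructed copy of the test fixture shown on this page.
POLICY = """(block my_container
(blockinherit container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
(allow process user_tmp_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_tmp_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_tmp_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_tmp_t ( sock_file ( append getattr open read write )))
)"""


def parse_sexpr(text):
    """Parse CIL (an s-expression language) into nested Python lists."""
    tokens = re.findall(r"\(|\)|[^\s()]+", text)
    stack = [[]]
    for tok in tokens:
        if tok == "(":
            stack.append([])
        elif tok == ")":
            node = stack.pop()
            stack[-1].append(node)
        else:
            stack[-1].append(tok)
    return stack[0]


def allow_rules(text):
    """Return {(source, target, class): set(perms)} for every allow rule."""
    rules = {}

    def walk(node):
        if isinstance(node, list):
            # (allow <src> <tgt> (<class> (<perm> ...)))
            if node and node[0] == "allow" and len(node) == 4:
                src, tgt, (cls, perms) = node[1], node[2], node[3]
                rules.setdefault((src, tgt, cls), set()).update(perms)
            for child in node:
                walk(child)

    walk(parse_sexpr(text))
    return rules


def targets_missing_fifo(text):
    """Targets with a file rule but no fifo_file rule (pre-fix output)."""
    rules = allow_rules(text)
    with_file = {t for (_, t, c) in rules if c == "file"}
    with_fifo = {t for (_, t, c) in rules if c == "fifo_file"}
    return sorted(with_file - with_fifo)
```

Dropping the fifo_file line from the fixture makes `targets_missing_fifo` report `user_tmp_t`, which is the gap the commit closes.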