module nspawn 1.0;

require {
    type var_t;
    type systemd_machined_t;
    class dir { read write };
}

#============= systemd_machined_t ==============
allow systemd_machined_t var_t:dir { read write };

I have created a .TE file myself, but I am not sure if it is comprehensive.
The lack of these rules will prevent some commands of machinectl
from functioning properly.
Why are there no such rules?