9aaa11
Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid.