selinux: Use explicit paths for binaries in file context

There's no reason to use wildcards, and we don't want any similarly-named binary (not that I'm aware of any) to risk being associated to passt_exec_t and pasta_exec_t by accident. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
2023-08-15 18:34:45 +02:00 · 2023-08-15 18:34:45 +02:00 · 0c42326204
commit 0c42326204
parent 479a9e1b4d
2 changed files with 4 additions and 2 deletions
--- a/contrib/selinux/passt.fc
+++ b/contrib/selinux/passt.fc
@ -8,5 +8,6 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>

-/usr/bin/passt(\.*)?		system_u:object_r:passt_exec_t:s0
+/usr/bin/passt			system_u:object_r:passt_exec_t:s0
+/usr/bin/passt.avx2		system_u:object_r:passt_exec_t:s0
 /tmp/passt\.pcap		system_u:object_r:passt_log_t:s0
--- a/contrib/selinux/pasta.fc
+++ b/contrib/selinux/pasta.fc
@ -8,6 +8,7 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>

-/usr/bin/pasta(\.*)?		system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta			system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta.avx2		system_u:object_r:pasta_exec_t:s0
 /tmp/pasta\.pcap		system_u:object_r:pasta_log_t:s0
 /var/run/pasta\.pid		system_u:object_r:pasta_pid_t:s0