selinux: Use explicit paths for binaries in file context

There's no reason to use wildcards, and we don't want any
similarly-named binary (not that I'm aware of any) to risk being
associated to passt_exec_t and pasta_exec_t by accident.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

2 files changed, 4 insertions, 2 deletions

diff --git a/contrib/selinux/passt.fc b/contrib/selinux/passt.fc
index fb5b5d4..09bcaab 100644
--- a/contrib/selinux/passt.fc
+++ b/contrib/selinux/passt.fc
@@ -8,5 +8,6 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
 
-/usr/bin/passt(\.*)?		system_u:object_r:passt_exec_t:s0
+/usr/bin/passt			system_u:object_r:passt_exec_t:s0
+/usr/bin/passt.avx2		system_u:object_r:passt_exec_t:s0
 /tmp/passt\.pcap		system_u:object_r:passt_log_t:s0
diff --git a/contrib/selinux/pasta.fc b/contrib/selinux/pasta.fc
index 2ffb41a..41ee46d 100644
--- a/contrib/selinux/pasta.fc
+++ b/contrib/selinux/pasta.fc
@@ -8,6 +8,7 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
 
-/usr/bin/pasta(\.*)?		system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta			system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta.avx2		system_u:object_r:pasta_exec_t:s0
 /tmp/pasta\.pcap		system_u:object_r:pasta_log_t:s0
 /var/run/pasta\.pid		system_u:object_r:pasta_pid_t:s0