diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2023-08-15 18:34:45 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2023-08-18 13:18:45 +0200 |
| commit | 0c42326204c1b8ece86512d9d5014d8603449430 (patch) | |
| tree | 9774355400e0eaaae8c7a1afae7843a86d344e7d /contrib/selinux/passt.fc | |
| parent | 479a9e1b4d9b4e426754b44fb767d252ca144e0f (diff) | |
| download | passt-0c42326204c1b8ece86512d9d5014d8603449430.tar passt-0c42326204c1b8ece86512d9d5014d8603449430.tar.gz passt-0c42326204c1b8ece86512d9d5014d8603449430.tar.bz2 passt-0c42326204c1b8ece86512d9d5014d8603449430.tar.lz passt-0c42326204c1b8ece86512d9d5014d8603449430.tar.xz passt-0c42326204c1b8ece86512d9d5014d8603449430.tar.zst passt-0c42326204c1b8ece86512d9d5014d8603449430.zip | |
selinux: Use explicit paths for binaries in file context
There's no reason to use wildcards, and we don't want any
similarly-named binary (not that I'm aware of any) to risk being
associated to passt_exec_t and pasta_exec_t by accident.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Diffstat (limited to 'contrib/selinux/passt.fc')
| -rw-r--r-- | contrib/selinux/passt.fc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/contrib/selinux/passt.fc b/contrib/selinux/passt.fc index fb5b5d4..09bcaab 100644 --- a/contrib/selinux/passt.fc +++ b/contrib/selinux/passt.fc @@ -8,5 +8,6 @@ # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio <sbrivio@redhat.com> -/usr/bin/passt(\.*)? system_u:object_r:passt_exec_t:s0 +/usr/bin/passt system_u:object_r:passt_exec_t:s0 +/usr/bin/passt.avx2 system_u:object_r:passt_exec_t:s0 /tmp/passt\.pcap system_u:object_r:passt_log_t:s0 |