From 0c42326204c1b8ece86512d9d5014d8603449430 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Tue, 15 Aug 2023 18:34:45 +0200
Subject: selinux: Use explicit paths for binaries in file context

There's no reason to use wildcards, and we don't want any
similarly-named binary (not that I'm aware of any) to risk being
associated to passt_exec_t and pasta_exec_t by accident.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
---
 contrib/selinux/pasta.fc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'contrib/selinux/pasta.fc')

diff --git a/contrib/selinux/pasta.fc b/contrib/selinux/pasta.fc
index 2ffb41a..41ee46d 100644
--- a/contrib/selinux/pasta.fc
+++ b/contrib/selinux/pasta.fc
@@ -8,6 +8,7 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
 
-/usr/bin/pasta(\.*)?		system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta			system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta.avx2		system_u:object_r:pasta_exec_t:s0
 /tmp/pasta\.pcap		system_u:object_r:pasta_log_t:s0
 /var/run/pasta\.pid		system_u:object_r:pasta_pid_t:s0
-- 
cgit v1.2.3