1
0
mirror of https://passt.top/passt synced 2024-11-09 22:29:56 +00:00
passt/contrib/selinux/passt.fc
Stefano Brivio 0c42326204 selinux: Use explicit paths for binaries in file context
There's no reason to use wildcards, and we don't want any
similarly-named binary (not that I'm aware of any) to risk being
associated to passt_exec_t and pasta_exec_t by accident.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
2023-08-18 13:18:45 +02:00

14 lines
434 B
Plaintext

# SPDX-License-Identifier: GPL-2.0-or-later
#
# PASST - Plug A Simple Socket Transport
# for qemu/UNIX domain socket mode
#
# contrib/selinux/passt.fc - SELinux profile: File Context for passt
#
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>
/usr/bin/passt system_u:object_r:passt_exec_t:s0
/usr/bin/passt.avx2 system_u:object_r:passt_exec_t:s0
/tmp/passt\.pcap system_u:object_r:passt_log_t:s0