commit:     3d7762712115cbfe3751c4e7d989d7913f42b784
Author:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Mon May 30 22:51:28 2022 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Mon Jun  6 15:07:38 2022 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3d776271

iptables: add file context for /usr/libexec/nftables/nftables.sh

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>

 policy/modules/system/iptables.fc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/iptables.fc 
b/policy/modules/system/iptables.fc
index 6157f313..ab1300db 100644
--- a/policy/modules/system/iptables.fc
+++ b/policy/modules/system/iptables.fc
@@ -24,6 +24,8 @@
 /usr/bin/xtables-multi                 --      
gen_context(system_u:object_r:iptables_exec_t,s0)
 /usr/bin/xtables-nft-multi             --      
gen_context(system_u:object_r:iptables_exec_t,s0)
 
+/usr/libexec/nftables/nftables\.sh     --      
gen_context(system_u:object_r:iptables_exec_t,s0)
+
 /usr/lib/systemd/system/[^/]*arptables.* --    
gen_context(system_u:object_r:iptables_unit_t,s0)
 /usr/lib/systemd/system/[^/]*ebtables.*         --     
gen_context(system_u:object_r:iptables_unit_t,s0)
 /usr/lib/systemd/system/[^/]*ip6tables.* --    
gen_context(system_u:object_r:iptables_unit_t,s0)
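Review bot: The added `/usr/libexec/nftables/nftables\.sh` entry labels a shell script as `iptables_exec_t`, which is the type this file otherwise gives to binaries such as `xtables-multi`, and the diffstat shows only `iptables.fc` changing. A script entrypoint runs its interpreter and any helper commands inside the target domain, so it is worth confirming that `iptables.te` (not visible here) already lets that domain execute the shell and the tools the script calls. If it does not, the script would presumably hit AVC denials under enforcing mode. A one-line comment above the entry would help the next reader, for example `# Gentoo nftables helper script (wrapper around nft); runs in the iptables domain`. Already installed systems also need the file relabelled, for example with `restorecon`, before the new context applies.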
