commit:     6f537bac5606bd0ad279ab8016c2c8c51476956d
Author:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Mon May 30 22:51:28 2022 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Sat Sep  3 20:04:19 2022 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6f537bac

iptables: add file context for /usr/libexec/nftables/nftables.sh

Bug: https://bugs.gentoo.org/840230
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/system/iptables.fc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/iptables.fc 
b/policy/modules/system/iptables.fc
index 6157f313..ab1300db 100644
--- a/policy/modules/system/iptables.fc
+++ b/policy/modules/system/iptables.fc
@@ -24,6 +24,8 @@
 /usr/bin/xtables-multi                 --      
gen_context(system_u:object_r:iptables_exec_t,s0)
 /usr/bin/xtables-nft-multi             --      
gen_context(system_u:object_r:iptables_exec_t,s0)
 
+/usr/libexec/nftables/nftables\.sh     --      
gen_context(system_u:object_r:iptables_exec_t,s0)
+
 /usr/lib/systemd/system/[^/]*arptables.* --    
gen_context(system_u:object_r:iptables_unit_t,s0)
 /usr/lib/systemd/system/[^/]*ebtables.*         --     
gen_context(system_u:object_r:iptables_unit_t,s0)
 /usr/lib/systemd/system/[^/]*ip6tables.* --    
gen_context(system_u:object_r:iptables_unit_t,s0)
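
Review bot: The commit message gives only the bug link and does not say why the added /usr/libexec/nftables/nftables\.sh entry, a shell script, needs iptables_exec_t, the same type as the xtables-multi and xtables-nft-multi binaries above it. Please add a sentence on what the label fixes, since a script carrying that type is treated like those binaries by every rule written against iptables_exec_t. As a style point, the entry is placed between the /usr/bin entries and the /usr/lib/systemd entries; in path order /usr/libexec sorts after /usr/lib/, so consider moving it below the unit-file block. Files already installed will keep their old label until they are relabelled.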
