diff options
| author |   Kenton Groombridge <concord@gentoo.org> | 2022-05-30 18:51:28 -0400 |
|---|---|---|
| committer | Kenton Groombridge <concord@gentoo.org> | 2022-06-06 11:14:53 -0400 |
| commit | c5ccb8cad57d6e29624d559d9100915d38a019ae (patch) | |
| tree | 064d7c62120a04b7bde6834e64ff2976837372a3 | |
| parent | iptables: add file context for saved rules (diff) | |
| download | hardened-refpolicy-c5ccb8ca.tar.gz hardened-refpolicy-c5ccb8ca.tar.bz2 hardened-refpolicy-c5ccb8ca.zip | |
iptables: add file context for /usr/libexec/nftables/nftables.sh
Bug: https://bugs.gentoo.org/840230
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
| -rw-r--r-- | policy/modules/system/iptables.fc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc index 6157f313..ab1300db 100644 --- a/policy/modules/system/iptables.fc +++ b/policy/modules/system/iptables.fc @@ -24,6 +24,8 @@ /usr/bin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) /usr/bin/xtables-nft-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) +/usr/libexec/nftables/nftables\.sh -- gen_context(system_u:object_r:iptables_exec_t,s0) + /usr/lib/systemd/system/[^/]*arptables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) /usr/lib/systemd/system/[^/]*ebtables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) /usr/lib/systemd/system/[^/]*ip6tables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) |