There's no reason to use wildcards, and we don't want any
similarly-named binary (not that I'm aware of any) to risk being
associated to passt_exec_t and pasta_exec_t by accident.
Signed-off-by: Stefano Brivio
---
contrib/selinux/passt.fc | 3 ++-
contrib/selinux/pasta.fc | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/contrib/selinux/passt.fc b/contrib/selinux/passt.fc
index fb5b5d4..09bcaab 100644
--- a/contrib/selinux/passt.fc
+++ b/contrib/selinux/passt.fc
@@ -8,5 +8,6 @@
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio
-/usr/bin/passt(\.*)? system_u:object_r:passt_exec_t:s0
+/usr/bin/passt system_u:object_r:passt_exec_t:s0
+/usr/bin/passt.avx2 system_u:object_r:passt_exec_t:s0
/tmp/passt\.pcap system_u:object_r:passt_log_t:s0
diff --git a/contrib/selinux/pasta.fc b/contrib/selinux/pasta.fc
index 2ffb41a..41ee46d 100644
--- a/contrib/selinux/pasta.fc
+++ b/contrib/selinux/pasta.fc
@@ -8,6 +8,7 @@
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio
-/usr/bin/pasta(\.*)? system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta system_u:object_r:pasta_exec_t:s0
+/usr/bin/pasta.avx2 system_u:object_r:pasta_exec_t:s0
/tmp/pasta\.pcap system_u:object_r:pasta_log_t:s0
/var/run/pasta\.pid system_u:object_r:pasta_pid_t:s0
--
2.39.2