diff --git a/policy/centos7/rke2-selinux.spec b/policy/centos7/rke2-selinux.spec index 77236ed..4ce1316 100644 --- a/policy/centos7/rke2-selinux.spec +++ b/policy/centos7/rke2-selinux.spec @@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove mkdir -p /var/lib/rancher/rke2/data; \ mkdir -p /var/run/flannel; \ mkdir -p /var/run/k3s; \ -restorecon -R -i /etc/systemd/system/rke2.service; \ -restorecon -R -i /usr/lib/systemd/system/rke2.service; \ +restorecon -R -i /etc/systemd/system/rke2*; \ +restorecon -R -i /usr/lib/systemd/system/rke2*; \ restorecon -R /var/lib/cni; \ restorecon -R /opt/cni; \ restorecon -R /var/lib/kubelet; \ diff --git a/policy/centos7/rke2.fc b/policy/centos7/rke2.fc index e7146d8..2150d6a 100644 --- a/policy/centos7/rke2.fc +++ b/policy/centos7/rke2.fc @@ -3,6 +3,7 @@ /etc/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/local/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) +/usr/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /usr/local/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /var/lib/cni(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0) diff --git a/policy/centos8/rke2-selinux.spec b/policy/centos8/rke2-selinux.spec index e9a0151..3955c30 100644 --- a/policy/centos8/rke2-selinux.spec +++ b/policy/centos8/rke2-selinux.spec @@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove mkdir -p /var/lib/rancher/rke2/data; \ mkdir -p /var/run/flannel; \ mkdir -p /var/run/k3s; \ -restorecon -R -i /etc/systemd/system/rke2.service; \ -restorecon -R -i /usr/lib/systemd/system/rke2.service; \ +restorecon -R -i /etc/systemd/system/rke2*; \ +restorecon -R -i /usr/lib/systemd/system/rke2*; \ restorecon -R /var/lib/cni; \ restorecon -R /opt/cni; \ restorecon -R /var/lib/kubelet; \ diff --git a/policy/centos8/rke2.fc b/policy/centos8/rke2.fc index f12ccaa..879a3c6 100644 --- a/policy/centos8/rke2.fc +++ b/policy/centos8/rke2.fc @@ -7,6 +7,7 @@ /etc/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/local/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) +/usr/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /usr/local/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) #/var/lib/cni(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0) diff --git a/policy/centos9/rke2-selinux.spec b/policy/centos9/rke2-selinux.spec index 6a86406..d9cf33d 100644 --- a/policy/centos9/rke2-selinux.spec +++ b/policy/centos9/rke2-selinux.spec @@ -8,8 +8,9 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove mkdir -p /var/lib/rancher/rke2/data; \ mkdir -p /var/run/flannel; \ mkdir -p /var/run/k3s; \ -restorecon -R -i /etc/systemd/system/rke2.service; \ -restorecon -R -i /usr/lib/systemd/system/rke2.service; \ +restorecon -R -i /etc/systemd/system/rke2*; \ +restorecon -R -i /usr/local/lib/systemd/system/rke2*; \ +restorecon -R -i /usr/lib/systemd/system/rke2*; \ restorecon -R /var/lib/cni; \ restorecon -R /opt/cni; \ restorecon -R /var/lib/kubelet; \ diff --git a/policy/centos9/rke2.fc b/policy/centos9/rke2.fc index f12ccaa..879a3c6 100644 --- a/policy/centos9/rke2.fc +++ b/policy/centos9/rke2.fc @@ -7,6 +7,7 @@ /etc/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/local/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) +/usr/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /usr/local/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) #/var/lib/cni(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0) diff --git a/policy/microos/rke2-selinux.spec b/policy/microos/rke2-selinux.spec index e48b31f..f64c4a3 100644 --- a/policy/microos/rke2-selinux.spec +++ b/policy/microos/rke2-selinux.spec @@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove mkdir -p /var/lib/rancher/rke2/data; \ mkdir -p /var/run/flannel; \ mkdir -p /var/run/k3s; \ -restorecon -R -i /etc/systemd/system/rke2.service; \ -restorecon -R -i /usr/lib/systemd/system/rke2.service; \ +restorecon -R -i /etc/systemd/system/rke2*; \ +restorecon -R -i /usr/lib/systemd/system/rke2*; \ restorecon -R /var/lib/cni; \ restorecon -R /opt/cni; \ restorecon -R /var/lib/kubelet; \ diff --git a/policy/microos/rke2.fc b/policy/microos/rke2.fc index 067115b..e5c878f 100644 --- a/policy/microos/rke2.fc +++ b/policy/microos/rke2.fc @@ -7,6 +7,7 @@ /etc/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/local/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) +/usr/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /usr/local/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) #/var/lib/cni(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0) diff --git a/policy/slemicro/rke2-selinux.spec b/policy/slemicro/rke2-selinux.spec index d2b33b4..2c7e807 100644 --- a/policy/slemicro/rke2-selinux.spec +++ b/policy/slemicro/rke2-selinux.spec @@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove mkdir -p /var/lib/rancher/rke2/data; \ mkdir -p /var/run/flannel; \ mkdir -p /var/run/k3s; \ -restorecon -R -i /etc/systemd/system/rke2.service; \ -restorecon -R -i /usr/lib/systemd/system/rke2.service; \ +restorecon -R -i /etc/systemd/system/rke2*; \ +restorecon -R -i /usr/lib/systemd/system/rke2*; \ restorecon -R /var/lib/cni; \ restorecon -R /opt/cni; \ restorecon -R /var/lib/kubelet; \ diff --git a/policy/slemicro/rke2.fc b/policy/slemicro/rke2.fc index 46277e7..6e3e7e2 100644 --- a/policy/slemicro/rke2.fc +++ b/policy/slemicro/rke2.fc @@ -7,6 +7,7 @@ /etc/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/local/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) +/usr/lib/systemd/system/rke2.* -- gen_context(system_u:object_r:container_unit_file_t,s0) /usr/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /usr/local/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0) /opt/rke2/bin/rke2 -- gen_context(system_u:object_r:container_runtime_exec_t,s0)