diff options
| -rw-r--r-- | src/fs/noseclabelfs/efivarnoseclabelfs.cil | 4 | ||||
| -rw-r--r-- | src/misc.cil | 5 |
2 files changed, 3 insertions, 6 deletions
diff --git a/src/fs/noseclabelfs/efivarnoseclabelfs.cil b/src/fs/noseclabelfs/efivarnoseclabelfs.cil index 7ff8fd2..b010b06 100644 --- a/src/fs/noseclabelfs/efivarnoseclabelfs.cil +++ b/src/fs/noseclabelfs/efivarnoseclabelfs.cil @@ -2,7 +2,9 @@ ;; SPDX-License-Identifier: Unlicense (block efivar + (blockinherit .noseclabelfs.template) (genfscon "efivarfs" "/" fs_context) - (blockinherit .noseclabelfs.template)) + (filecon "/sys/firmware/efi/efivars" dir ()) + (filecon "/sys/firmware/efi/efivars/.*" any ())) diff --git a/src/misc.cil b/src/misc.cil index a805d24..b0d5736 100644 --- a/src/misc.cil +++ b/src/misc.cil @@ -3,11 +3,6 @@ (sidcontext init (sys.id sys.role sys.subj sys.lowlow)) ;; userspace_initial_context -(in efivar - - (filecon "/sys/firmware/efi/efivars" dir ()) - (filecon "/sys/firmware/efi/efivars/.*" any ())) - (in exec (filecon "/usr/bin" dir file_context) |