Label programs in /usr/bin like /usr/sbin

Some recent modifications added patterns in .fc files for programs in
/usr/sbin without adding the patterns for /usr/bin. On Arch Linux, where
/usr/sbin is a symlink to /usr/bin, such patterns are never matched.

Add the missing patterns.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

3 files changed, 7 insertions, 0 deletions

diff --git a/policy/modules/services/hostapd.fc b/policy/modules/services/hostapd.fc
index 95b0f394..f7392119 100644
--- a/policy/modules/services/hostapd.fc
+++ b/policy/modules/services/hostapd.fc
@@ -1,3 +1,5 @@
+/usr/bin/hostapd                --      gen_context(system_u:object_r:hostapd_exec_t,s0)
+
 /usr/sbin/hostapd               --      gen_context(system_u:object_r:hostapd_exec_t,s0)
 
 /var/run/hostapd(/.*)?          gen_context(system_u:object_r:hostapd_var_run_t,s0)
diff --git a/policy/modules/services/knot.fc b/policy/modules/services/knot.fc
index afe579c9..a3962932 100644
--- a/policy/modules/services/knot.fc
+++ b/policy/modules/services/knot.fc
@@ -4,6 +4,9 @@
 
 /run/knot(/.*)?			gen_context(system_u:object_r:knot_runtime_t,s0)
 
+/usr/bin/knotc		--	gen_context(system_u:object_r:knotc_exec_t,s0)
+/usr/bin/knotd		--	gen_context(system_u:object_r:knotd_exec_t,s0)
+
 /usr/sbin/knotc		--      gen_context(system_u:object_r:knotc_exec_t,s0)
 /usr/sbin/knotd		--	gen_context(system_u:object_r:knotd_exec_t,s0)
 
diff --git a/policy/modules/services/tpm2.fc b/policy/modules/services/tpm2.fc
index 4ccf2f25..64937df4 100644
--- a/policy/modules/services/tpm2.fc
+++ b/policy/modules/services/tpm2.fc
@@ -1,3 +1,5 @@
+/usr/bin/tpm2-abrmd								--	gen_context(system_u:object_r:tpm2_abrmd_exec_t,s0)
+
 /usr/sbin/tpm2-abrmd								--	gen_context(system_u:object_r:tpm2_abrmd_exec_t,s0)
 
 /usr/lib/systemd/system/[^/]*tpm2-abrmd\.service	--	gen_context(system_u:object_r:tpm2_abrmd_unit_t,s0)