From c8dbbbaed4371c600d057736d1dab78371066fdd Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@mentor.com>
Date: Fri, 29 Mar 2019 09:54:07 -0400
Subject: [PATCH 14/34] fc/rpm: apply rpm_exec policy to cpio binaries

Upstream-Status: Pending

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
 policy/modules/admin/rpm.fc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/policy/modules/admin/rpm.fc b/policy/modules/admin/rpm.fc
index 578d465c..f2b8003a 100644
--- a/policy/modules/admin/rpm.fc
+++ b/policy/modules/admin/rpm.fc
@@ -65,5 +65,8 @@ ifdef(`distro_redhat',`
 /run/PackageKit(/.*)?	gen_context(system_u:object_r:rpm_var_run_t,s0)
 
 ifdef(`enable_mls',`
-/usr/sbin/cpio	--	gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/cpio		--	gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/cpio		--	gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/cpio.cpio	--	gen_context(system_u:object_r:rpm_exec_t,s0)
 ')
+
-- 
2.19.1