Resolves: RHEL-56074 - frr AVCs after rebase to 10.1

Michal Ruprich 2024-09-09 16:11:57 +02:00
parent 8d3b48941e
commit 095fe15928
3 changed files with 13 additions and 5 deletions

1
frr.fc

@ -6,6 +6,7 @@
/var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0)
/var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0)
/var/lib/frr(/.*)? gen_context(system_u:object_r:frr_var_lib_t,s0)
/run/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0)
/run/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0)
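Review bot: The `/var/lib/frr(/.*)?` entry only takes effect when paths are relabelled, so a `/var/lib/frr` that already exists on an upgraded host keeps its previous label until restorecon runs on it. The spec hunks visible on this page do not include the scriptlets, so it cannot be confirmed from here that the package relabels this directory on update. If it does not, adding `restorecon -R /var/lib/frr` (or the relabel macro the spec already uses) to the policy post-install step would close the gap. Without it, frr_t would presumably keep hitting AVC denials on pre-existing state files despite the new rules in frr.te.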


@ -9,7 +9,7 @@
Name: frr
Version: 10.1
Release: 3%{?dist}
Release: 4%{?dist}
Summary: Routing daemon
License: GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later OR ISC) AND MIT
URL: http://www.frrouting.org
@ -117,7 +117,7 @@ autoreconf -ivf
--sysconfdir=%{_sysconfdir}/frr \
--libdir=%{_libdir}/frr \
--libexecdir=%{_libexecdir}/frr \
--localstatedir=/run/frr \
--localstatedir=/var \
--enable-multipath=64 \
--enable-vtysh=yes \
--disable-ospfclient \
@ -277,6 +277,9 @@ rm tests/lib/*grpc*
%endif
%changelog
* Mon Sep 09 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-4
- Resolves: RHEL-56074 - frr AVCs after rebase to 10.1
* Mon Aug 26 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-3
- Related: RHEL-55747 - Adding libs_manage_lib_dirs for handling lib_t
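Review bot: With `--localstatedir=/var`, no `--runstatedir` is visible in this part of the configure call, so the location of pid files and vty sockets is left to the configure default. If that default is `/var/run/frr`, it resolves through the /var/run symlink and should still match the existing run-directory contexts, but that is an assumption. Passing `--runstatedir=/run \` explicitly would pin it. A comment above the configure invocation, for example `# localstatedir must be /var so daemon state lands in /var/lib/frr (frr_var_lib_t)`, would also record why the value changed. The configure call starts and ends outside the hunk.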

10
frr.te

@ -27,6 +27,9 @@ systemd_unit_file(frr_unit_file_t)
type frr_var_run_t;
files_pid_file(frr_var_run_t)
type frr_var_lib_t;
files_type(frr_var_lib_t)
########################################
#
# frr local policy
@ -54,6 +57,10 @@ manage_files_pattern(frr_t, frr_log_t, frr_log_t)
manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
manage_dirs_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
manage_files_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
files_var_lib_filetrans(frr_t, frr_var_lib_t, { dir file })
allow frr_t frr_tmp_t:file map;
manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
@ -110,9 +117,6 @@ ipsec_domtrans_mgmt(frr_t)
userdom_read_admin_home_files(frr_t)
libs_delete_lib_symlinks(frr_t);
libs_manage_lib_dirs(frr_t);
optional_policy(`
logging_send_syslog_msg(frr_t)
')
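Review bot: The frr_var_lib_t rules in the second hunk (`manage_dirs_pattern`, `manage_files_pattern`, `files_var_lib_filetrans`) have no comment saying which path they cover. A line such as `# daemon state under /var/lib/frr, labelled in frr.fc` above them would tie the type to its file context. The transition lists only `{ dir file }`, whereas the log transition next to it also lists `lnk_file`. That narrower set is a reasonable least-privilege choice, but it is worth confirming against the audit log that the 10.1 daemons create nothing else there. The two `libs_*` calls in the last hunk appear to be the lines this commit drops in favour of the dedicated type, so the same test run should also confirm that no lib_t access is still needed.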