rpms/frr
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-56074 - frr AVCs after rebase to 10.1

Browse Source
This commit is contained in:
Michal Ruprich 2024-09-09 16:11:57 +02:00
parent 8d3b48941e
commit 095fe15928
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
frr.fc
View File

@ -6,6 +6,7 @@
/var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0) /var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0)
/var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0) /var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0)
/var/lib/frr(/.*)? gen_context(system_u:object_r:frr_var_lib_t,s0)
/run/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0) /run/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0)
/run/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0) /run/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0)

7
frr.spec
View File

@ -9,7 +9,7 @@
Name: frr Name: frr
Version: 10.1 Version: 10.1
Release: 3%{?dist} Release: 4%{?dist}
Summary: Routing daemon Summary: Routing daemon
License: GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later OR ISC) AND MIT License: GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later OR ISC) AND MIT
URL: http://www.frrouting.org URL: http://www.frrouting.org
@ -117,7 +117,7 @@ autoreconf -ivf
--sysconfdir=%{_sysconfdir}/frr \ --sysconfdir=%{_sysconfdir}/frr \
--libdir=%{_libdir}/frr \ --libdir=%{_libdir}/frr \
--libexecdir=%{_libexecdir}/frr \ --libexecdir=%{_libexecdir}/frr \
--localstatedir=/run/frr \ --localstatedir=/var \
--enable-multipath=64 \ --enable-multipath=64 \
--enable-vtysh=yes \ --enable-vtysh=yes \
--disable-ospfclient \ --disable-ospfclient \
@ -277,6 +277,9 @@ rm tests/lib/*grpc*
%endif %endif
%changelog %changelog
* Mon Sep 09 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-4
- Resolves: RHEL-56074 - frr AVCs after rebase to 10.1
* Mon Aug 26 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-3 * Mon Aug 26 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-3
- Related: RHEL-55747 - Adding libs_manage_lib_dirs for handling lib_t - Related: RHEL-55747 - Adding libs_manage_lib_dirs for handling lib_t

10
frr.te
View File

@ -27,6 +27,9 @@ systemd_unit_file(frr_unit_file_t)
type frr_var_run_t; type frr_var_run_t;
files_pid_file(frr_var_run_t) files_pid_file(frr_var_run_t)
type frr_var_lib_t;
files_type(frr_var_lib_t)
######################################## ########################################
# #
# frr local policy # frr local policy
@ -54,6 +57,10 @@ manage_files_pattern(frr_t, frr_log_t, frr_log_t)
manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t) manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file }) logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
manage_dirs_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
manage_files_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
files_var_lib_filetrans(frr_t, frr_var_lib_t, { dir file })
allow frr_t frr_tmp_t:file map; allow frr_t frr_tmp_t:file map;
manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t) manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t) manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
@ -110,9 +117,6 @@ ipsec_domtrans_mgmt(frr_t)
userdom_read_admin_home_files(frr_t) userdom_read_admin_home_files(frr_t)
libs_delete_lib_symlinks(frr_t);
libs_manage_lib_dirs(frr_t);
optional_policy(` optional_policy(`
logging_send_syslog_msg(frr_t) logging_send_syslog_msg(frr_t)
') ')