Adding SELinux rule to enable zebra to write to sysctl_net_t

Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
Michal Ruprich 2022-09-16 16:00:15 +02:00
parent 41a038e1d1
commit 3905b5274d
2 changed files with 7 additions and 2 deletions


@ -7,7 +7,7 @@
Name: frr
Version: 8.3.1
Release: 4%{?dist}
Release: 5%{?dist}
Summary: Routing daemon
License: GPLv2+
URL: http://www.frrouting.org
@ -264,6 +264,10 @@ rm tests/lib/*grpc*
%endif
%changelog
* Fri Sep 16 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
- Adding SELinux rule to enable zebra to write to sysctl_net_t
- Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
- Fixing an error in post scriptlet
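Review bot: The two new %changelog entries for 8.3.1-5 carry no bug reference and do not quote the denial that prompted each rule, so a later reader cannot tell why the policy was widened. Consider adding the tracker id, or the denied permission and target type, to each entry.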

frr.te

@ -68,7 +68,7 @@ allow frr_t frr_exec_t:dir search_dir_perms;
can_exec(frr_t, frr_exec_t)
kernel_read_network_state(frr_t)
kernel_read_net_sysctls(frr_t)
kernel_rw_net_sysctls(frr_t)
kernel_read_system_state(frr_t)
auth_use_nsswitch(frr_t)
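Review bot: kernel_rw_net_sysctls(frr_t) gives write access on sysctl_net_t to the whole frr_t domain, while the commit message scopes the need to zebra. The bgpd rule in this same commit is also attached to frr_t, so both daemons share the domain and bgpd gains the write as well. If zebra cannot get a domain of its own, add a policy comment above this line stating which daemon needs the write and for what, so the wider grant is a recorded decision rather than a side effect.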
@ -80,6 +80,7 @@ corenet_udp_bind_bfd_control_port(frr_t)
corenet_udp_bind_bfd_echo_port(frr_t)
corenet_udp_bind_bfd_multi_port(frr_t)
corenet_tcp_bind_bgp_port(frr_t)
corenet_tcp_connect_bgp_port(frr_t)
corenet_tcp_bind_cmadmin_port(frr_t)
corenet_udp_bind_cmadmin_port(frr_t)
corenet_tcp_bind_firepower_port(frr_t)
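Review bot: corenet_tcp_connect_bgp_port(frr_t) is granted to frr_t as a whole, so every process in that domain may open outbound connections to bgp_port_t, not only bgpd as the commit message states. A short comment beside the rule naming bgpd as the intended user would make it easier to audit this list later, since the neighbouring lines are all bind rules and this is the one connect rule among them.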