Related: #2216912 - adding sys_admin to capabilities

2023-08-10 10:56:34 +02:00 · 2023-08-10 10:56:34 +02:00 · 3a9bef8ebd
commit 3a9bef8ebd
parent 75c0ff9241
2 changed files with 5 additions and 2 deletions
--- a/frr.spec
+++ b/frr.spec
@ -7,7 +7,7 @@
 Name: frr
 Version: 8.3.1
-Release: 9%{?checkout}%{?dist}
+Release: 10%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@ -280,6 +280,9 @@ make check PYTHON=%{__python3}
 %endif
 %changelog
 * Thu Aug 10 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-10
 - Related: #2216912 - adding sys_admin to capabilities
 * Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9
 - Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec
--- a/frr.te
+++ b/frr.te
@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
 #
 # frr local policy
 #
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
 allow frr_t self:packet_socket create_socket_perms;
 allow frr_t self:process { setcap setpgid };