Related: #2216912 - adding sys_admin to capabilities

This commit is contained in:
Michal Ruprich 2023-08-10 10:56:34 +02:00
parent 75c0ff9241
commit 3a9bef8ebd
2 changed files with 5 additions and 2 deletions

View File

@ -7,7 +7,7 @@
Name: frr Name: frr
Version: 8.3.1 Version: 8.3.1
Release: 9%{?checkout}%{?dist} Release: 10%{?checkout}%{?dist}
Summary: Routing daemon Summary: Routing daemon
License: GPLv2+ License: GPLv2+
URL: http://www.frrouting.org URL: http://www.frrouting.org
@ -280,6 +280,9 @@ make check PYTHON=%{__python3}
%endif %endif
%changelog %changelog
* Thu Aug 10 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-10
- Related: #2216912 - adding sys_admin to capabilities
* Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9 * Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9
- Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec - Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec

2
frr.te
View File

@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
# #
# frr local policy # frr local policy
# #
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin }; allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms; allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket create_socket_perms; allow frr_t self:packet_socket create_socket_perms;
allow frr_t self:process { setcap setpgid }; allow frr_t self:process { setcap setpgid };