Related: #2216912 - adding sys_admin to capabilities
This commit is contained in:
parent
75c0ff9241
commit
3a9bef8ebd
5
frr.spec
5
frr.spec
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
Name: frr
|
Name: frr
|
||||||
Version: 8.3.1
|
Version: 8.3.1
|
||||||
Release: 9%{?checkout}%{?dist}
|
Release: 10%{?checkout}%{?dist}
|
||||||
Summary: Routing daemon
|
Summary: Routing daemon
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.frrouting.org
|
URL: http://www.frrouting.org
|
||||||
@ -280,6 +280,9 @@ make check PYTHON=%{__python3}
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 10 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-10
|
||||||
|
- Related: #2216912 - adding sys_admin to capabilities
|
||||||
|
|
||||||
* Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9
|
* Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9
|
||||||
- Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec
|
- Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec
|
||||||
|
|
||||||
|
2
frr.te
2
frr.te
@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
|
|||||||
#
|
#
|
||||||
# frr local policy
|
# frr local policy
|
||||||
#
|
#
|
||||||
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
|
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
|
||||||
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
|
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||||
allow frr_t self:packet_socket create_socket_perms;
|
allow frr_t self:packet_socket create_socket_perms;
|
||||||
allow frr_t self:process { setcap setpgid };
|
allow frr_t self:process { setcap setpgid };
|
||||||
|
Loading…
Reference in New Issue
Block a user