From 7c6a496b211550e9f289ba4b844b1377b8d7e87f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Fri, 16 Sep 2022 16:12:44 +0000 Subject: [PATCH] Auto sync2gitlab import of frr-7.5.1-4.el8.src.rpm --- frr.spec | 7 +++++-- frr.te | 5 +++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/frr.spec b/frr.spec index f2f0adf..82a7c03 100644 --- a/frr.spec +++ b/frr.spec @@ -7,7 +7,7 @@ Name: frr Version: 7.5.1 -Release: 3%{?checkout}%{?dist} +Release: 4%{?checkout}%{?dist} Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org @@ -34,7 +34,7 @@ Requires: iproute Requires: initscripts %if 0%{?with_selinux} -Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) %endif Provides: routingdaemon = %{version}-%{release} @@ -269,6 +269,9 @@ make check PYTHON=%{__python3} %endif %changelog +* Thu Sep 15 2022 Michal Ruprich - 7.5.1-4 +- Resolves: #2126040 - Frr is unable to push routes to the system routing table + * Thu Aug 25 2022 Michal Ruprich - 7.5.1-3 - Resolves: #2054160 - FRR reloader does not disable BFD when unsetting BFD profile diff --git a/frr.te b/frr.te index fadfa8f..1dac7e4 100644 --- a/frr.te +++ b/frr.te @@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t) # # frr local policy # -allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid }; +allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin }; allow frr_t self:netlink_route_socket rw_netlink_socket_perms; allow frr_t self:packet_socket create; allow frr_t self:process { setcap setpgid }; @@ -68,7 +68,7 @@ allow frr_t frr_exec_t:dir search_dir_perms; can_exec(frr_t, frr_exec_t) kernel_read_network_state(frr_t) -kernel_read_net_sysctls(frr_t) +kernel_rw_net_sysctls(frr_t) kernel_read_system_state(frr_t) auth_use_nsswitch(frr_t) @@ -79,6 +79,7 @@ corenet_tcp_bind_appswitch_emp_port(frr_t) corenet_udp_bind_bfd_control_port(frr_t) corenet_udp_bind_bfd_echo_port(frr_t) corenet_tcp_bind_bgp_port(frr_t) +corenet_tcp_connect_bgp_port(frr_t) corenet_udp_bind_all_unreserved_ports(frr_t); corenet_tcp_bind_generic_port(frr_t) corenet_tcp_bind_firepower_port(frr_t)