Resolves: #2144500 - AVC error when reloading FRR with provided reload script

2022-11-24 10:50:53 +01:00 · 2022-11-24 10:50:53 +01:00 · bf0b074c96
commit bf0b074c96
parent c77e3b4511
3 changed files with 8 additions and 4 deletions
--- a/frr.fc
+++ b/frr.fc
@ -1,4 +1,4 @@
-/usr/libexec/frr(/.*)?              gen_context(system_u:object_r:frr_exec_t,s0)
+/usr/libexec/frr/(.*)?              gen_context(system_u:object_r:frr_exec_t,s0)

 /usr/lib/systemd/system/frr.*   gen_context(system_u:object_r:frr_unit_file_t,s0)

--- a/frr.spec
+++ b/frr.spec
@ -7,7 +7,7 @@

 Name: frr
 Version: 8.3.1
-Release: 3%{?checkout}%{?dist}
+Release: 4%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@ -227,10 +227,10 @@ fi
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %selinux_relabel_post -s %{selinuxtype}
 #/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
-##if [ $1 == 2 ]; then
+if [ $1 == 2 ]; then
    %{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
    %{_sbindir}/restorecon -R /var/run/frr &> /dev/null
-##fi
+fi

 %postun selinux
 if [ $1 -eq 0 ]; then
@ -275,6 +275,9 @@ make check PYTHON=%{__python3}
 %endif

 %changelog
+* Thu Nov 24 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
+- Resolves: #2144500 - AVC error when reloading FRR with provided reload script
+
 * Wed Oct 19 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
 - Related: #2129743 - Adding missing rules for vtysh and other daemons

--- a/frr.te
+++ b/frr.te
@ -119,4 +119,5 @@ optional_policy(`

 optional_policy(`
 	userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
+	userdom_inherit_append_admin_home_files(frr_t, frr_conf_t, file, ".history_frr")
 ')