rpms/frr
7
0
Fork 0
Code Issues Pull Requests Releases Activity
111 Commits 9 Branches 54 Tags 606 KiB
8d3b48941e
Commit Graph

111 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michal Ruprich
8d3b48941e Related: RHEL-55747 - Adding libs_manage_lib_dirs for handling lib_t 2024-08-26 14:09:03 +02:00
Michal Ruprich
74379a7796 Related: RHEL-55747 - Adding new selinux rules 2024-08-26 06:27:29 +02:00
Michal Ruprich
3428d44f6b New version 10.1 2024-08-22 11:57:51 +02:00
Troy Dawson
2592b6a870 Bump release for June 2024 mass rebuild 2024-06-24 08:42:52 -07:00
Michal Ruprich
2d1a531a5b Resolves: RHEL-32134 - buffer overflow and daemon crash in ospf_te_parse_ri 2024-06-12 09:28:42 +02:00
Michal Ruprich
cdeacb4fe0 Resolves: RHEL-32138 - buffer overflow in ospf_te_parse_ext_link 2024-06-12 09:26:35 +02:00
Michal Ruprich
c2bc5c9c4f Resolves: RHEL-34911 - null pointer via get_edge() function can trigger a denial of service 2024-06-12 09:24:25 +02:00
Michal Ruprich
832ce93ff8 Resolves: RHEL-38834 - Missing selinux rules for .history_frr file for FRR 2024-05-28 17:02:10 +02:00
František Hrdina
69652b9863 Update of fmf plans and gating for c10s 2024-05-22 09:59:40 +02:00
František Hrdina
30586274ae Add ci.fmf 2024-04-19 15:00:35 +02:00
Michal Ruprich
8b24d2e071 Resolves: RHEL-32128 - infinite loop 2024-04-18 12:43:05 +02:00
Michal Ruprich
3536ef0396 Resolves: #RHEL-32125 - bgpd daemon crash 2024-04-18 12:40:54 +02:00
Michal Ruprich
238ae38814 Moving yang modules to an frr specific directory to avoid conflicts 
Adding rpminspect.yaml
 2024-04-16 10:46:29 +02:00
František Hrdina
0349f42aa5 Updating tier plans and gating.yaml 2024-04-12 12:18:04 +00:00
Michal Ruprich
5c54b0a175 Resolves: RHEL-32502 - frr fails to start: SELinux is preventing watchfrr from create access on the sock_file 2024-04-11 11:26:46 +02:00
Benjamin A. Beasley
14d3b39746 Rebuilt for abseil-cpp-20240116.0 2024-02-04 11:26:57 -05:00
Michal Ruprich
f10270279b New version 9.1 2024-01-25 14:43:24 +01:00
Vit Mojzis
9c91b908e1 SELinux: rename ifconfig_run interfaces to be more specific 
The change has no functional impact on the policy. It is just to keep it
in sync with the interfaces shipped in selinux-policy-* packages.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 2024-01-25 12:51:35 +00:00
Fedora Release Engineering
2228c29472 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-24 12:05:55 +00:00
Fedora Release Engineering
9bf8cfe430 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-19 19:51:00 +00:00
Michal Ruprich
30f4eb8e8e New version 9.0.1 2023-10-16 09:44:02 +02:00
Michal Ruprich
ca06a43267 Adding a couple of SELinux rules, includes fix for rhbz#2149299 2023-09-01 13:15:04 +02:00
Benjamin A. Beasley
4405129034 Rebuilt for abseil-cpp 20230802.0 2023-08-30 07:50:46 -04:00
Zdenek Pytela
a302f6117d Update SELinux rule to allow frr daemons create and use packet socket 
The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(07/27/2023 11:26:31.692:622) : proctitle=/usr/libexec/frr/bfdd -d -F traditional -A 127.0.0.1
type=SOCKADDR msg=audit(07/27/2023 11:26:31.692:622) : saddr={ saddr_fam=packet (unsupported) }
type=SYSCALL msg=audit(07/27/2023 11:26:31.692:622) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xf a1=0x7ffeb8c5a000 a2=0x14 a3=0x7ffeb8c59ff0 items=0 ppid=7818 pid=7903 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=bfdd exe=/usr/libexec/frr/bfdd subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(07/27/2023 11:26:31.692:622) : avc:  denied  { bind } for  pid=7903 comm=bfdd scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=packet_socket permissive=0

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2216912
 2023-08-01 09:40:29 +02:00
Fedora Release Engineering
73b57e75c1 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-07-19 20:19:19 +00:00
Michal Ruprich
b6998f1514 New version 8.5.2 2023-06-30 15:51:23 +02:00
Michal Ruprich
de8d85febb frr-8.5.1-4 
Selinux policy changes:
- Allow watch,read on /var/run/netns directory and its content
- Add sys_admin capability

It seems like sys_admin is needed because frr is using setns function to change the actual namespace. Full log here:
type=PROCTITLE msg=audit(06/29/2023 03:42:07.692:559) : proctitle=/usr/libexec/frr/zebra -d -F traditional -A 127.0.0.1 -s 90000000 -n
type=SYSCALL msg=audit(06/29/2023 03:42:07.692:559) : arch=x86_64 syscall=setns success=no exit=EPERM(Operation not permitted) a0=0x11 a1=CLONE_NEWNET a2=0x0 a3=0x0 items=0 ppid=3692 pid=3701 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=zebra exe=/usr/libexec/frr/zebra subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(06/29/2023 03:42:07.692:559) : avc: denied { sys_admin } for pid=3701 comm=zebra capability=sys_admin scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=capability permissive=0

Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces
 2023-06-29 15:54:02 +02:00
Yaakov Selkowitz
7f0775ec07 Disable grpc in RHEL builds 
This is based on c9s:

bb27be6ef6
 2023-06-05 19:29:36 -04:00
Petr Písař
eee04cae3d Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) 2023-05-19 15:11:46 +02:00
Michal Ruprich
58b91e7bdb New version 8.5.1 2023-04-26 13:21:40 +02:00
Michal Ruprich
a5fc21e539 New version 8.5 2023-04-12 14:07:11 +02:00
Michal Ruprich
12b88485f2 Rebuilding for new abseil-cpp version 2023-03-23 13:33:53 +01:00
Michal Ruprich
f062556435 SPDX migration 2023-03-22 13:05:16 +01:00
Benjamin A. Beasley
28e257ed71 Build as C++17, required by abseil-cpp 20230125 2023-03-08 18:06:40 -05:00
Fedora Release Engineering
777829246b Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-01-19 03:57:19 +00:00
Michal Ruprich
a0c4fb9063 Adding an include for fips 2023-01-12 15:50:47 +01:00
Michal Ruprich
0d70491296 New version 8.4.2 2023-01-12 12:55:39 +01:00
Michal Ruprich
1787b2810b New version 8.4.1 
Fix for rhbz #2140705
 2022-11-25 18:02:48 +01:00
Michal Ruprich
d506655fff AVC when running the reload script for FRR 2022-11-23 09:13:27 +01:00
Michal Ruprich
5301cdd961 New version 8.4 2022-11-10 09:57:42 +01:00
Michal Ruprich
3905b5274d Adding SELinux rule to enable zebra to write to sysctl_net_t 
Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
 2022-09-16 16:00:15 +02:00
Michal Ruprich
41a038e1d1 Fixing an error in post scriptlet 2022-09-09 19:14:38 +02:00
Michal Ruprich
a7b3783ddc Resolves: #2124254 - frr can no longer update routes 2022-09-09 16:14:11 +02:00
Michal Ruprich
a2ffd90d49 Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr 
Better handling FRR files during upgrade
 2022-09-07 11:28:59 +02:00
Michal Ruprich
db09f8886c Adding sources 2022-09-06 12:48:05 +02:00
Michal Ruprich
6e63bc125e New version 8.3.1 2022-09-06 12:38:38 +02:00
Michal Ruprich
b2c9845f51 Rebuilding for new abseil-cpp and grpc updates 2022-08-22 14:09:39 +02:00
Zdenek Pytela
16d43cc08d Allow frr daemons bind generic sockets to tcp ports 
The vrrpd and pathd daemons need to bind to ports 2619/tcp and 2621/tcp.
This commit can be reverted if the inter-process communication changes
to using unix sockets in the future.

Addresses the following AVC denial:

type=PROCTITLE msg=audit(08/10/2022 05:32:53.905:257) : proctitle=/usr/libexec/frr/pathd -d -F traditional -A 127.0.0.1
type=AVC msg=audit(08/10/2022 05:32:53.905:257) : avc:  denied  { name_bind } for  pid=8625 comm=pathd src=2621 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(08/10/2022 05:32:53.905:257) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xc a1=0x55e3ba44fdd0 a2=0x10 a3=0x7fff610c2bd4 items=0 ppid=8623 pid=8625 auid=unset uid=geoclue gid=flatpak euid=geoclue suid=geoclue fsuid=geoclue egid=flatpak sgid=flatpak fsgid=flatpak tty=(none) ses=unset comm=pathd exe=/usr/libexec/frr/pathd subj=system_u:system_r:frr_t:s0 key=(null)
type=SOCKADDR msg=audit(08/10/2022 05:32:53.905:257) : saddr={ saddr_fam=inet laddr=127.0.0.1 lport=2621 }

Resolves: rhbz#2117262
 2022-08-19 10:30:23 +00:00
Michal Ruprich
d0157c4cbf Adding vrrpd and pathd to the policy 2022-08-10 12:03:08 +02:00
Michal Ruprich
40f863faec Finalizing SELinux policy 2022-08-10 10:36:08 +02:00