Routing daemon
16d43cc08d
The vrrpd and pathd daemons need to bind to ports 2619/tcp and 2621/tcp.
This commit can be reverted if the inter-process communication changes
to using unix sockets in the future.
Addresses the following AVC denial:
type=PROCTITLE msg=audit(08/10/2022 05:32:53.905:257) : proctitle=/usr/libexec/frr/pathd -d -F traditional -A 127.0.0.1
type=AVC msg=audit(08/10/2022 05:32:53.905:257) : avc: denied { name_bind } for pid=8625 comm=pathd src=2621 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(08/10/2022 05:32:53.905:257) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xc a1=0x55e3ba44fdd0 a2=0x10 a3=0x7fff610c2bd4 items=0 ppid=8623 pid=8625 auid=unset uid=geoclue gid=flatpak euid=geoclue suid=geoclue fsuid=geoclue egid=flatpak sgid=flatpak fsgid=flatpak tty=(none) ses=unset comm=pathd exe=/usr/libexec/frr/pathd subj=system_u:system_r:frr_t:s0 key=(null)
type=SOCKADDR msg=audit(08/10/2022 05:32:53.905:257) : saddr={ saddr_fam=inet laddr=127.0.0.1 lport=2621 }
Resolves: rhbz#2117262
|
||
|---|---|---|
| .fmf | ||
| plans | ||
| .gitignore | ||
| 0000-remove-babeld-and-ldpd.patch | ||
| 0002-enable-openssl.patch | ||
| 0003-disable-eigrp-crypto.patch | ||
| 0004-fips-mode.patch | ||
| 0005-remove-grpc-test.patch | ||
| 0006-cve-2022-26126.patch | ||
| frr-sysusers.conf | ||
| frr-tmpfiles.conf | ||
| frr.fc | ||
| frr.if | ||
| frr.spec | ||
| frr.te | ||
| gating.yaml | ||
| README.md | ||
| sources | ||
frr
The frr package