rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity

iptables-1.8.7-28.el9

Browse Source 
- extensions: SECMARK: Use a better context in test case

Related: rhbz#2047558
This commit is contained in:
Phil Sutter 2022-02-16 12:44:11 +01:00
parent 55e20eb624
commit 63c9e2ff10
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
0026-extensions-SECMARK-Use-a-better-context-in-test-case.patch Normal file
View File

@ -0,0 +1,26 @@
From 45664de1be104ce9716227a0ad11ef2343ece3df Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 16 Jul 2021 21:51:49 +0200
Subject: [PATCH] extensions: SECMARK: Use a better context in test case
RHEL SELinux policies don't allow setting
system_u:object_r:firewalld_exec_t:s0 context. Use one instead which has
'packet_type' attribute (identified via
'seinfo -xt | grep packet_type').
---
extensions/libxt_SECMARK.t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/libxt_SECMARK.t b/extensions/libxt_SECMARK.t
index 39d4c09348bf4..295e7a7244902 100644
--- a/extensions/libxt_SECMARK.t
+++ b/extensions/libxt_SECMARK.t
@@ -1,4 +1,4 @@
:INPUT,FORWARD,OUTPUT
*security
--j SECMARK --selctx system_u:object_r:firewalld_exec_t:s0;=;OK
+-j SECMARK --selctx system_u:object_r:ssh_server_packet_t:s0;=;OK
-j SECMARK;;FAIL
--
2.34.1

6
iptables.spec
View File

@ -16,7 +16,7 @@ Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities Summary: Tools for managing Linux kernel packet filtering capabilities
URL: https://www.netfilter.org/projects/iptables URL: https://www.netfilter.org/projects/iptables
Version: 1.8.7 Version: 1.8.7
Release: 27%{?dist} Release: 28%{?dist}
Source: %{url}/files/%{name}-%{version}.tar.bz2 Source: %{url}/files/%{name}-%{version}.tar.bz2
Source1: iptables.init Source1: iptables.init
Source2: iptables-config Source2: iptables-config
@ -54,6 +54,7 @@ Patch22: 0022-ebtables-Dump-atomic-waste.patch
Patch23: 0023-nft-Fix-for-non-verbose-check-command.patch Patch23: 0023-nft-Fix-for-non-verbose-check-command.patch
Patch24: 0024-tests-shell-Assert-non-verbose-mode-is-silent.patch Patch24: 0024-tests-shell-Assert-non-verbose-mode-is-silent.patch
Patch25: 0025-extensions-SECMARK-Implement-revision-1.patch Patch25: 0025-extensions-SECMARK-Implement-revision-1.patch
Patch26: 0026-extensions-SECMARK-Use-a-better-context-in-test-case.patch
# pf.os: ISC license # pf.os: ISC license
# iptables-apply: Artistic 2.0 # iptables-apply: Artistic 2.0
@ -469,6 +470,9 @@ fi
%ghost %{_mandir}/man8/ebtables.8.gz %ghost %{_mandir}/man8/ebtables.8.gz
%changelog %changelog
* Wed Feb 16 2022 Phil Sutter <psutter@redhat.com> - 1.8.7-28
- extensions: SECMARK: Use a better context in test case
* Fri Jan 28 2022 Phil Sutter <psutter@redhat.com> - 1.8.7-27 * Fri Jan 28 2022 Phil Sutter <psutter@redhat.com> - 1.8.7-27
- extensions: SECMARK: Implement revision 1 - extensions: SECMARK: Implement revision 1