iptables/SOURCES/0128-extensions-SECMARK-Use-a-better-context-in-test-case.patch
2023-11-14 19:59:13 +00:00

29 lines
955 B
Diff

From f24ad92bea508ba2e037a4d2e57770371554e47f Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 16 Jul 2021 21:51:49 +0200
Subject: [PATCH] extensions: SECMARK: Use a better context in test case
RHEL SELinux policies don't allow setting
system_u:object_r:firewalld_exec_t:s0 context. Use one instead which has
'packet_type' attribute (identified via
'seinfo -xt | grep packet_type').
(cherry picked from commit 0f730df43caa68e03380111b40e357141ccce709)
---
extensions/libxt_SECMARK.t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/libxt_SECMARK.t b/extensions/libxt_SECMARK.t
index 39d4c09348bf4..295e7a7244902 100644
--- a/extensions/libxt_SECMARK.t
+++ b/extensions/libxt_SECMARK.t
@@ -1,4 +1,4 @@
:INPUT,FORWARD,OUTPUT
*security
--j SECMARK --selctx system_u:object_r:firewalld_exec_t:s0;=;OK
+-j SECMARK --selctx system_u:object_r:ssh_server_packet_t:s0;=;OK
-j SECMARK;;FAIL
--
2.40.0