4274fcf999
* Fri Oct 27 2023 Phil Sutter <psutter@redhat.com> [1.8.10-1.el9] - spec: Support for _excludedocs macro in alternatives installation (Phil Sutter) [RHEL-5810] - Rebase onto version 1.8.10 (Phil Sutter) [RHEL-14147] Resolves: RHEL-14147, RHEL-5810
29 lines
1000 B
Diff
29 lines
1000 B
Diff
From 4388fad6c3874a3861907734f9a6368cfd0a731c Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <psutter@redhat.com>
|
|
Date: Fri, 16 Jul 2021 21:51:49 +0200
|
|
Subject: [PATCH] extensions: SECMARK: Use a better context in test case
|
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2047558
|
|
Upstream Status: RHEL-only
|
|
|
|
RHEL SELinux policies don't allow setting
|
|
system_u:object_r:firewalld_exec_t:s0 context. Use one instead which has
|
|
'packet_type' attribute (identified via
|
|
'seinfo -xt | grep packet_type').
|
|
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
---
|
|
extensions/libxt_SECMARK.t | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/extensions/libxt_SECMARK.t b/extensions/libxt_SECMARK.t
|
|
index 39d4c09..295e7a7 100644
|
|
--- a/extensions/libxt_SECMARK.t
|
|
+++ b/extensions/libxt_SECMARK.t
|
|
@@ -1,4 +1,4 @@
|
|
:INPUT,FORWARD,OUTPUT
|
|
*security
|
|
--j SECMARK --selctx system_u:object_r:firewalld_exec_t:s0;=;OK
|
|
+-j SECMARK --selctx system_u:object_r:ssh_server_packet_t:s0;=;OK
|
|
-j SECMARK;;FAIL
|