Add CAP_NET_RAW for initializing the libnet library for udpspoof

resolves: rhbz#2176387
Do not allow having selinux-policy < 38.1.3-1
  resolves: rhbz#2176386
This commit is contained in:
alakatos 2023-03-06 09:38:22 +01:00
parent bd6b614291
commit bf71201ec3
2 changed files with 24 additions and 1 deletions

View File

@ -0,0 +1,11 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-03-06 09:33:13.969300666 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-03-06 09:33:35.089326502 +0100
@@ -2164,6 +2164,7 @@ main(int argc, char **argv)
CAP_SETGID,
CAP_SETUID,
CAP_DAC_OVERRIDE,
+ CAP_NET_RAW,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,

View File

@ -5,7 +5,7 @@
Summary: Enhanced system logging and kernel message trapping daemon Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog Name: rsyslog
Version: 8.2102.0 Version: 8.2102.0
Release: 111%{?dist} Release: 113%{?dist}
License: (GPLv3+ and ASL 2.0) License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/ URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -37,6 +37,7 @@ Patch15: rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch
Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -57,6 +58,8 @@ BuildRequires: systemd-devel >= 204-8
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: libcap-ng-devel BuildRequires: libcap-ng-devel
Conflicts: selinux-policy < 38.1.3-1
Recommends: %{name}-logrotate = %version-%release Recommends: %{name}-logrotate = %version-%release
Requires: bash >= 2.0 Requires: bash >= 2.0
%{?systemd_ordering} %{?systemd_ordering}
@ -289,6 +292,7 @@ mv build doc
%patch16 -p1 -b .libcap-ng %patch16 -p1 -b .libcap-ng
%patch17 -p1 -b .imklog-leak %patch17 -p1 -b .imklog-leak
%patch18 -p1 -b .capabilities-drop-credential %patch18 -p1 -b .capabilities-drop-credential
%patch19 -p1 -b .capabilities-capnetraw
pushd .. pushd ..
%patch9 -p1 -b .openssl-compatibility %patch9 -p1 -b .openssl-compatibility
@ -554,6 +558,14 @@ done
%changelog %changelog
* Tue Mar 07 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-113
- Do not allow having selinux-policy < 38.1.3-1
resolves: rhbz#2176386
* Mon Mar 06 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-112
- Add CAP_NET_RAW for initializing the libnet library for udpspoof
resolves: rhbz#2176387
* Wed Feb 22 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-111 * Wed Feb 22 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-111
- Rebuild - Rebuild
resolves: rhbz#2169748 resolves: rhbz#2169748