Resolves: #2273524 - frr fails to start: SELinux is preventing watchfrr from create access on the sock_file

2024-04-10 10:46:33 +02:00
parent 14d3b39746
commit 3489012fd4
2 changed files with 21 additions and 18 deletions
--- a/frr.fc
+++ b/frr.fc
@@ -7,23 +7,23 @@
 /var/log/frr(/.*)?              gen_context(system_u:object_r:frr_log_t,s0)
 /var/tmp/frr(/.*)?              gen_context(system_u:object_r:frr_tmp_t,s0)

-/var/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)

-/var/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
+/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)

 /usr/bin/vtysh              --  gen_context(system_u:object_r:frr_exec_t,s0)