Adding SELinux rule to enable zebra to write to sysctl_net_t
Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
This commit is contained in:
Michal Ruprich
3
frr.te
3
frr.te
@@ -68,7 +68,7 @@ allow frr_t frr_exec_t:dir search_dir_perms;
|
||||
can_exec(frr_t, frr_exec_t)
|
||||
|
||||
kernel_read_network_state(frr_t)
|
||||
kernel_read_net_sysctls(frr_t)
|
||||
kernel_rw_net_sysctls(frr_t)
|
||||
kernel_read_system_state(frr_t)
|
||||
|
||||
auth_use_nsswitch(frr_t)
|
||||
@@ -80,6 +80,7 @@ corenet_udp_bind_bfd_control_port(frr_t)
|
||||
corenet_udp_bind_bfd_echo_port(frr_t)
|
||||
corenet_udp_bind_bfd_multi_port(frr_t)
|
||||
corenet_tcp_bind_bgp_port(frr_t)
|
||||
corenet_tcp_connect_bgp_port(frr_t)
|
||||
corenet_tcp_bind_cmadmin_port(frr_t)
|
||||
corenet_udp_bind_cmadmin_port(frr_t)
|
||||
corenet_tcp_bind_generic_port(frr_t)
|
||||
|
||||
Reference in New Issue
Block a user