Compare commits
12 Commits
frr-8.5.2-
...
9f47d698f5
| Author | SHA1 | Date | |
|---|---|---|---|
|
9f47d698f5 | ||
| cb7be7535f | |||
|
12cd4431e4 | ||
|
|
858f96ce3e | ||
|
|
519e1a5f6a | ||
|
|
964a13758e | ||
|
|
a5ca1b7fce | ||
|
|
8c46bbbf5c | ||
|
|
61a4e5aa67 | ||
|
|
2462abb0da | ||
|
|
c4595285be | ||
|
|
879b7a1f73 |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -14,6 +14,3 @@
|
|||||||
/frr-8.4.tar.gz
|
/frr-8.4.tar.gz
|
||||||
/frr-8.4.1.tar.gz
|
/frr-8.4.1.tar.gz
|
||||||
/frr-8.4.2.tar.gz
|
/frr-8.4.2.tar.gz
|
||||||
/frr-8.5.tar.gz
|
|
||||||
/frr-8.5.1.tar.gz
|
|
||||||
/frr-8.5.2.tar.gz
|
|
||||||
|
|||||||
4
frr.fc
4
frr.fc
@@ -1,4 +1,4 @@
|
|||||||
/usr/libexec/frr/(.*)? gen_context(system_u:object_r:frr_exec_t,s0)
|
/usr/libexec/frr(/.*)? gen_context(system_u:object_r:frr_exec_t,s0)
|
||||||
|
|
||||||
/usr/lib/systemd/system/frr.* gen_context(system_u:object_r:frr_unit_file_t,s0)
|
/usr/lib/systemd/system/frr.* gen_context(system_u:object_r:frr_unit_file_t,s0)
|
||||||
|
|
||||||
@@ -21,8 +21,6 @@
|
|||||||
/var/lock/subsys/ripngd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
/var/lock/subsys/ripngd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
/var/lock/subsys/staticd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
/var/lock/subsys/staticd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
/var/lock/subsys/zebra -- gen_context(system_u:object_r:frr_lock_t,s0)
|
/var/lock/subsys/zebra -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
/var/lock/subsys/vrrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
|
||||||
/var/lock/subsys/pathd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
|
||||||
|
|
||||||
/var/run/frr(/.*)? gen_context(system_u:object_r:frr_var_run_t,s0)
|
/var/run/frr(/.*)? gen_context(system_u:object_r:frr_var_run_t,s0)
|
||||||
|
|
||||||
|
|||||||
53
frr.if
53
frr.if
@@ -160,56 +160,3 @@ interface(`frr_admin',`
|
|||||||
systemd_read_fifo_file_passwd_run($1)
|
systemd_read_fifo_file_passwd_run($1)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
|
||||||
#
|
|
||||||
# Interface compatibility blocks
|
|
||||||
#
|
|
||||||
# The following definitions ensure compatibility with distribution policy
|
|
||||||
# versions that do not contain given interfaces (epel, or older Fedora
|
|
||||||
# releases).
|
|
||||||
# Each block tests for existence of given interface and defines it if needed.
|
|
||||||
#
|
|
||||||
|
|
||||||
######################################
|
|
||||||
## <summary>
|
|
||||||
## Watch ifconfig_var_run_t directories
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
ifndef(`sysnet_watch_ifconfig_run',`
|
|
||||||
interface(`sysnet_watch_ifconfig_run',`
|
|
||||||
gen_require(`
|
|
||||||
type ifconfig_var_run_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
|
|
||||||
')
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Read ifconfig_var_run_t files and link files
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
ifndef(`sysnet_read_ifconfig_run',`
|
|
||||||
interface(`sysnet_read_ifconfig_run',`
|
|
||||||
gen_require(`
|
|
||||||
type ifconfig_var_run_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
|
|
||||||
read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
|
|
||||||
read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
|
|
||||||
')
|
|
||||||
')
|
|
||||||
|
|
||||||
|
|||||||
29
frr.spec
29
frr.spec
@@ -8,7 +8,7 @@
|
|||||||
%bcond_without selinux
|
%bcond_without selinux
|
||||||
|
|
||||||
Name: frr
|
Name: frr
|
||||||
Version: 8.5.2
|
Version: 8.4.2
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Routing daemon
|
Summary: Routing daemon
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
@@ -270,19 +270,6 @@ rm tests/lib/*grpc*
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jun 30 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-1
|
|
||||||
- New version 8.5.2
|
|
||||||
- Fixing a couple of SELinux issues
|
|
||||||
|
|
||||||
* Wed Apr 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-1
|
|
||||||
- New version 8.5.1
|
|
||||||
|
|
||||||
* Wed Apr 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.5-1
|
|
||||||
- New version 8.5
|
|
||||||
|
|
||||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jan 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-1
|
* Thu Jan 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-1
|
||||||
- New version 8.4.2
|
- New version 8.4.2
|
||||||
|
|
||||||
@@ -293,12 +280,15 @@ rm tests/lib/*grpc*
|
|||||||
* Thu Nov 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.4-1
|
* Thu Nov 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.4-1
|
||||||
- New version 8.4
|
- New version 8.4
|
||||||
|
|
||||||
|
* Thu Sep 22 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-6
|
||||||
|
- Rebuilding because of weird abseil-cpp version mismatch in the compose (rhbz #2128691)
|
||||||
|
|
||||||
* Fri Sep 16 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
|
* Fri Sep 16 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
|
||||||
- Adding SELinux rule to enable zebra to write to sysctl_net_t
|
- Adding SELinux rule to enable zebra to write to sysctl_net_t
|
||||||
- Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
|
- Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
|
||||||
|
|
||||||
* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
|
* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
|
||||||
- Fixing an error in post scriptlet
|
- Adding a couple of rules to tackle AVCs
|
||||||
|
|
||||||
* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
|
* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
|
||||||
- Resolves: #2124254 - frr can no longer update routes
|
- Resolves: #2124254 - frr can no longer update routes
|
||||||
@@ -310,15 +300,6 @@ rm tests/lib/*grpc*
|
|||||||
* Tue Sep 06 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
|
* Tue Sep 06 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
|
||||||
- New version 8.3.1
|
- New version 8.3.1
|
||||||
|
|
||||||
* Mon Aug 22 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-10
|
|
||||||
- Rebuilding for new abseil-cpp and grpc updates
|
|
||||||
|
|
||||||
* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-9
|
|
||||||
- Adding vrrpd and pathd as daemons to the policy
|
|
||||||
|
|
||||||
* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-8
|
|
||||||
- Finalizing SELinux policy
|
|
||||||
|
|
||||||
* Tue Aug 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-7
|
* Tue Aug 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-7
|
||||||
- Fixing wrong path for vtysh in frr.fc
|
- Fixing wrong path for vtysh in frr.fc
|
||||||
|
|
||||||
|
|||||||
6
frr.te
6
frr.te
@@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
|
|||||||
#
|
#
|
||||||
# frr local policy
|
# frr local policy
|
||||||
#
|
#
|
||||||
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
|
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
|
||||||
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
|
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||||
allow frr_t self:packet_socket { create setopt };
|
allow frr_t self:packet_socket { create setopt };
|
||||||
allow frr_t self:process { setcap setpgid };
|
allow frr_t self:process { setcap setpgid };
|
||||||
@@ -83,8 +83,8 @@ corenet_tcp_bind_bgp_port(frr_t)
|
|||||||
corenet_tcp_connect_bgp_port(frr_t)
|
corenet_tcp_connect_bgp_port(frr_t)
|
||||||
corenet_tcp_bind_cmadmin_port(frr_t)
|
corenet_tcp_bind_cmadmin_port(frr_t)
|
||||||
corenet_udp_bind_cmadmin_port(frr_t)
|
corenet_udp_bind_cmadmin_port(frr_t)
|
||||||
corenet_tcp_bind_firepower_port(frr_t)
|
|
||||||
corenet_tcp_bind_generic_port(frr_t)
|
corenet_tcp_bind_generic_port(frr_t)
|
||||||
|
corenet_tcp_bind_firepower_port(frr_t)
|
||||||
corenet_tcp_bind_priority_e_com_port(frr_t)
|
corenet_tcp_bind_priority_e_com_port(frr_t)
|
||||||
corenet_udp_bind_router_port(frr_t)
|
corenet_udp_bind_router_port(frr_t)
|
||||||
corenet_tcp_bind_qpasa_agent_port(frr_t)
|
corenet_tcp_bind_qpasa_agent_port(frr_t)
|
||||||
@@ -97,8 +97,6 @@ domain_use_interactive_fds(frr_t)
|
|||||||
fs_read_nsfs_files(frr_t)
|
fs_read_nsfs_files(frr_t)
|
||||||
|
|
||||||
sysnet_exec_ifconfig(frr_t)
|
sysnet_exec_ifconfig(frr_t)
|
||||||
sysnet_read_ifconfig_run(frr_t)
|
|
||||||
sysnet_watch_ifconfig_run(frr_t)
|
|
||||||
|
|
||||||
userdom_read_admin_home_files(frr_t)
|
userdom_read_admin_home_files(frr_t)
|
||||||
|
|
||||||
|
|||||||
2
sources
2
sources
@@ -1,2 +1,2 @@
|
|||||||
SHA512 (frr-8.5.2.tar.gz) = a5eadd8c88966b58ebc0e7b92311bda16b391abe727861eed772ded678f5a84d84421fbfd4b23c4a2b18ab3d2dcd5b2c9099491dab6958b63c39a9c67c4508d2
|
SHA512 (frr-8.4.2.tar.gz) = 1079bf3f597cc21ccbc37c5617cfb95f6e066de2a726a9b8ffb5825f92af3049d0e19ef4e9944a9e11dabc4309c56f0ab22e4c9188f5008ebcea47e0428f3ff0
|
||||||
SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d
|
SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d
|
||||||
|
|||||||
Reference in New Issue
Block a user