rpms
/
frr
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import frr-7.5.1-13.el8_9

Browse Source
c8 imports/c8/frr-7.5.1-13.el8_9
MSVSphere Packaging Team 11 months ago
parent c9bf754366
commit 1e209068d5
4 changed files with 68 additions and 7 deletions
Show Stats Download Patch File Download Diff File

0
SOURCES/0014-bfd-crash-in-MetalLB.patch → SOURCES/0014-bfd-profile-crash.patch
Unescape View File

44
SOURCES/frr.if
Unescape View File

@ -160,3 +160,47 @@ interface(`frr_admin',`
systemd_read_fifo_file_passwd_run($1) systemd_read_fifo_file_passwd_run($1)
') ')
') ')
########################################
## <summary>
## Read ifconfig_var_run_t files and link files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
ifndef(`sysnet_read_ifconfig_run',`
interface(`sysnet_read_ifconfig_run',`
gen_require(`
type ifconfig_var_run_t;
')
manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
')
')
########################################
## <summary>
## Read unconfined_t files and dirs
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
ifndef(`unconfined_read_files',`
interface(`unconfined_read_files',`
gen_require(`
type unconfined_t;
')
allow $1 unconfined_t:file read_file_perms;
allow $1 unconfined_t:dir list_dir_perms;
')
')

7
SOURCES/frr.te
Unescape View File

@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
# #
# frr local policy # frr local policy
# #
allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin }; allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms; allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket create; allow frr_t self:packet_socket create;
allow frr_t self:process { setcap setpgid }; allow frr_t self:process { setcap setpgid };
@ -96,6 +96,7 @@ fs_read_nsfs_files(frr_t)
fs_search_cgroup_dirs(frr_t) fs_search_cgroup_dirs(frr_t)
sysnet_exec_ifconfig(frr_t) sysnet_exec_ifconfig(frr_t)
sysnet_read_ifconfig_run(frr_t)
userdom_read_admin_home_files(frr_t) userdom_read_admin_home_files(frr_t)
@ -107,6 +108,10 @@ optional_policy(`
logging_send_syslog_msg(frr_t) logging_send_syslog_msg(frr_t)
') ')
optional_policy(`
unconfined_read_files(frr_t)
')
optional_policy(` optional_policy(`
modutils_exec_kmod(frr_t) modutils_exec_kmod(frr_t)
modutils_getattr_module_deps(frr_t) modutils_getattr_module_deps(frr_t)

24
SPECS/frr.spec
Unescape View File

@ -7,7 +7,7 @@
Name: frr Name: frr
Version: 7.5.1 Version: 7.5.1
Release: 7%{?checkout}%{?dist}.2 Release: 13%{?checkout}%{?dist}
Summary: Routing daemon Summary: Routing daemon
License: GPLv2+ License: GPLv2+
URL: http://www.frrouting.org URL: http://www.frrouting.org
@ -53,7 +53,7 @@ Patch0010: 0010-moving-executables.patch
Patch0011: 0011-reload-bfd-profile.patch Patch0011: 0011-reload-bfd-profile.patch
Patch0012: 0012-graceful-restart.patch Patch0012: 0012-graceful-restart.patch
Patch0013: 0013-CVE-2022-37032.patch Patch0013: 0013-CVE-2022-37032.patch
Patch0014: 0014-bfd-crash-in-MetalLB.patch Patch0014: 0014-bfd-profile-crash.patch
Patch0015: 0015-CVE-2023-38802.patch Patch0015: 0015-CVE-2023-38802.patch
%description %description
@ -275,11 +275,23 @@ make check PYTHON=%{__python3}
%endif %endif
%changelog %changelog
* Wed Sep 06 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7.2 * Wed Sep 13 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-13
- Resolves: #2236708 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router - Resolves: #2231000 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
* Wed Aug 16 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7.1 * Wed Aug 23 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-12
- Resolves: #2231829 - BFD crash in FRR running in MetalLB - Resolves: #2216911 - Adding missing sys_admin SELinux call
* Mon Aug 21 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-11
- Related: #2216911 - Adding unconfined_t type to access namespaces
* Thu Aug 17 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-10
- Related: #2226803 - Adding patch
* Wed Aug 16 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-9
- Resolves: #2226803 - BFD crash in FRR running in MetalLB
* Fri Aug 11 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-8
- Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces
* Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7 * Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
- Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service - Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service

Write Preview
Loading…
Cancel
Save