import frr-7.5.1-13.el8_9

c8 imports/c8/frr-7.5.1-13.el8_9
MSVSphere Packaging Team 11 months ago
parent c9bf754366
commit 1e209068d5

@ -160,3 +160,47 @@ interface(`frr_admin',`
systemd_read_fifo_file_passwd_run($1)
')
')
########################################
## <summary>
## Read ifconfig_var_run_t files and link files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
ifndef(`sysnet_read_ifconfig_run',`
interface(`sysnet_read_ifconfig_run',`
gen_require(`
type ifconfig_var_run_t;
')
manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
')
')
########################################
## <summary>
## Read unconfined_t files and dirs
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
ifndef(`unconfined_read_files',`
interface(`unconfined_read_files',`
gen_require(`
type unconfined_t;
')
allow $1 unconfined_t:file read_file_perms;
allow $1 unconfined_t:dir list_dir_perms;
')
')

@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
#
# frr local policy
#
allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket create;
allow frr_t self:process { setcap setpgid };
@ -96,6 +96,7 @@ fs_read_nsfs_files(frr_t)
fs_search_cgroup_dirs(frr_t)
sysnet_exec_ifconfig(frr_t)
sysnet_read_ifconfig_run(frr_t)
userdom_read_admin_home_files(frr_t)
@ -107,6 +108,10 @@ optional_policy(`
logging_send_syslog_msg(frr_t)
')
optional_policy(`
unconfined_read_files(frr_t)
')
optional_policy(`
modutils_exec_kmod(frr_t)
modutils_getattr_module_deps(frr_t)

@ -7,7 +7,7 @@
Name: frr
Version: 7.5.1
Release: 7%{?checkout}%{?dist}.2
Release: 13%{?checkout}%{?dist}
Summary: Routing daemon
License: GPLv2+
URL: http://www.frrouting.org
@ -53,7 +53,7 @@ Patch0010: 0010-moving-executables.patch
Patch0011: 0011-reload-bfd-profile.patch
Patch0012: 0012-graceful-restart.patch
Patch0013: 0013-CVE-2022-37032.patch
Patch0014: 0014-bfd-crash-in-MetalLB.patch
Patch0014: 0014-bfd-profile-crash.patch
Patch0015: 0015-CVE-2023-38802.patch
%description
@ -275,11 +275,23 @@ make check PYTHON=%{__python3}
%endif
%changelog
* Wed Sep 06 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7.2
- Resolves: #2236708 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
* Wed Sep 13 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-13
- Resolves: #2231000 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
* Wed Aug 16 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7.1
- Resolves: #2231829 - BFD crash in FRR running in MetalLB
* Wed Aug 23 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-12
- Resolves: #2216911 - Adding missing sys_admin SELinux call
* Mon Aug 21 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-11
- Related: #2216911 - Adding unconfined_t type to access namespaces
* Thu Aug 17 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-10
- Related: #2226803 - Adding patch
* Wed Aug 16 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-9
- Resolves: #2226803 - BFD crash in FRR running in MetalLB
* Fri Aug 11 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-8
- Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces
* Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
- Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service

Loading…
Cancel
Save