diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | frr-sysusers.conf | 4 | ||||
| -rw-r--r-- | frr-tmpfiles.conf | 1 | ||||
| -rw-r--r-- | frr.fc | 29 | ||||
| -rw-r--r-- | frr.if | 214 | ||||
| -rw-r--r-- | frr.spec | 550 | ||||
| -rw-r--r-- | frr.te | 125 | ||||
| -rw-r--r-- | sources | 1 |
8 files changed, 925 insertions, 0 deletions
@@ -0,0 +1 @@ +/frr-10.1.tar.gz diff --git a/frr-sysusers.conf b/frr-sysusers.conf new file mode 100644 index 0000000..9632955 --- /dev/null +++ b/frr-sysusers.conf @@ -0,0 +1,4 @@ +#Type Name ID GECOS Home directory Shell +g frrvty - +u frr - "FRRouting routing suite" /var/run/frr /sbin/nologin +m frr frrvty diff --git a/frr-tmpfiles.conf b/frr-tmpfiles.conf new file mode 100644 index 0000000..c1613b2 --- /dev/null +++ b/frr-tmpfiles.conf @@ -0,0 +1 @@ +d /run/frr 0755 frr frr - @@ -0,0 +1,29 @@ +/usr/libexec/frr/(.*)? gen_context(system_u:object_r:frr_exec_t,s0) + +/usr/lib/systemd/system/frr.* gen_context(system_u:object_r:frr_unit_file_t,s0) + +/etc/frr(/.*)? gen_context(system_u:object_r:frr_conf_t,s0) + +/var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0) +/var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0) + +/run/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/eigrpd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/fabricd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/isisd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/nhrpd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/ospf6d -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/ospfd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/pbrd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/pimd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/ripd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/ripngd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/staticd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/zebra -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/vrrpd -- gen_context(system_u:object_r:frr_lock_t,s0) +/run/lock/subsys/pathd -- gen_context(system_u:object_r:frr_lock_t,s0) + +/run/frr(/.*)? gen_context(system_u:object_r:frr_var_run_t,s0) + +/usr/bin/vtysh -- gen_context(system_u:object_r:frr_exec_t,s0) @@ -0,0 +1,214 @@ +## <summary>policy for frr</summary> + +######################################## +## <summary> +## Execute frr_exec_t in the frr domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`frr_domtrans',` + gen_require(` + type frr_t, frr_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, frr_exec_t, frr_t) +') + +###################################### +## <summary> +## Execute frr in the caller domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`frr_exec',` + gen_require(` + type frr_exec_t; + ') + + corecmd_search_bin($1) + can_exec($1, frr_exec_t) +') + +######################################## +## <summary> +## Read frr's log files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`frr_read_log',` + gen_require(` + type frr_log_t; + ') + + read_files_pattern($1, frr_log_t, frr_log_t) + optional_policy(` + logging_search_logs($1) + ') +') + +######################################## +## <summary> +## Append to frr log files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`frr_append_log',` + gen_require(` + type frr_log_t; + ') + + append_files_pattern($1, frr_log_t, frr_log_t) + optional_policy(` + logging_search_logs($1) + ') +') + +######################################## +## <summary> +## Manage frr log files +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`frr_manage_log',` + gen_require(` + type frr_log_t; + ') + + manage_dirs_pattern($1, frr_log_t, frr_log_t) + manage_files_pattern($1, frr_log_t, frr_log_t) + manage_lnk_files_pattern($1, frr_log_t, frr_log_t) + optional_policy(` + logging_search_logs($1) + ') +') + +######################################## +## <summary> +## Read frr PID files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`frr_read_pid_files',` + gen_require(` + type frr_var_run_t; + ') + + files_search_pids($1) + read_files_pattern($1, frr_var_run_t, frr_var_run_t) +') + +######################################## +## <summary> +## All of the rules required to administrate +## an frr environment +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`frr_admin',` + gen_require(` + type frr_t; + type frr_log_t; + type frr_var_run_t; + ') + + allow $1 frr_t:process { signal_perms }; + ps_process_pattern($1, frr_t) + + tunable_policy(`deny_ptrace',`',` + allow $1 frr_t:process ptrace; + ') + + admin_pattern($1, frr_log_t) + + files_search_pids($1) + admin_pattern($1, frr_var_run_t) + optional_policy(` + logging_search_logs($1) + ') + optional_policy(` + systemd_passwd_agent_exec($1) + systemd_read_fifo_file_passwd_run($1) + ') +') + +######################################## +# +# Interface compatibility blocks +# +# The following definitions ensure compatibility with distribution policy +# versions that do not contain given interfaces (epel, or older Fedora +# releases). +# Each block tests for existence of given interface and defines it if needed. +# + +###################################### +## <summary> +## Watch ifconfig_var_run_t directories +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +ifndef(`sysnet_watch_ifconfig_run_dirs',` + interface(`sysnet_watch_ifconfig_run_dirs',` + gen_require(` + type ifconfig_var_run_t; + ') + + watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t) + ') +') + +######################################## +## <summary> +## Read ifconfig_var_run_t files and link files +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +ifndef(`sysnet_read_ifconfig_run_files',` + interface(`sysnet_read_ifconfig_run_files',` + gen_require(` + type ifconfig_var_run_t; + ') + + list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t) + read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t) + read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t) + ') +') diff --git a/frr.spec b/frr.spec new file mode 100644 index 0000000..afc93ac --- /dev/null +++ b/frr.spec @@ -0,0 +1,550 @@ +%global frr_libdir %{_libexecdir}/frr + +%global _hardened_build 1 +%global selinuxtype targeted +%define _legacy_common_support 1 + +%bcond grpc 0 +%bcond selinux 0 + +Name: frr +Version: 10.1 +Release: 1%{?dist} +Summary: Routing daemon +License: GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later OR ISC) AND MIT +URL: http://www.frrouting.org +Source0: https://github.com/FRRouting/frr/archive/refs/tags/%{name}-%{version}.tar.gz +Source1: %{name}-tmpfiles.conf +Source2: %{name}-sysusers.conf +#Decentralized SELinux policy +Source3: frr.fc +Source4: frr.te +Source5: frr.if + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: bison >= 2.7 +BuildRequires: c-ares-devel +BuildRequires: flex +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: git-core +BuildRequires: groff +%if %{with grpc} +BuildRequires: grpc-devel +BuildRequires: grpc-plugins +%endif +BuildRequires: json-c-devel +BuildRequires: libcap-devel +BuildRequires: libtool +BuildRequires: libyang-devel >= 2.0.0 +BuildRequires: make +BuildRequires: ncurses +BuildRequires: ncurses-devel +BuildRequires: net-snmp-devel +BuildRequires: pam-devel +BuildRequires: patch +BuildRequires: perl-XML-LibXML +BuildRequires: perl-generators +BuildRequires: python3-devel +BuildRequires: python3-pytest +BuildRequires: python3-sphinx +BuildRequires: readline-devel +BuildRequires: systemd-devel +BuildRequires: systemd +BuildRequires: texinfo +BuildRequires: protobuf-c-devel +BuildRequires: librtr-devel + +Requires: ncurses +Requires: net-snmp +Requires(post): hostname +%{?sysusers_requires_compat} +Requires(post): systemd +Requires(postun): systemd +Requires(preun): systemd + +%if 0%{?with_selinux} +Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) +%endif + +Obsoletes: quagga < 1.2.4-17 +Provides: routingdaemon = %{version}-%{release} + +%description +FRRouting is free software that manages TCP/IP based routing protocols. It takes +a multi-server and multi-threaded approach to resolve the current complexity +of the Internet. + +FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, +EIGRP and BFD. + +FRRouting is a fork of Quagga. + +%if 0%{?with_selinux} +%package selinux +Summary: Selinux policy for FRR +BuildArch: noarch +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +%{?selinux_requires} + +%description selinux +SELinux policy modules for FRR package + +%endif + +%prep +%autosetup -S git +#Selinux +mkdir selinux +cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux +# C++14 or later needed for abseil-cpp 20230125; string_view needs C++17: +sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac + +%build +autoreconf -ivf + +%configure \ + --sbindir=%{frr_libdir} \ + --sysconfdir=%{_sysconfdir}/frr \ + --libdir=%{_libdir}/frr \ + --libexecdir=%{_libexecdir}/frr \ + --localstatedir=/run/frr \ + --enable-multipath=64 \ + --enable-vtysh=yes \ + --disable-ospfclient \ + --disable-ospfapi \ + --enable-snmp=agentx \ + --enable-user=frr \ + --enable-group=frr \ + --enable-vty-group=frrvty \ + --enable-rtadv \ + --disable-exampledir \ + --enable-systemd=yes \ + --enable-static=no \ + --with-moduledir=%{_libdir}/frr/modules \ + --with-yangmodelsdir=%{_datadir}/frr-yang/ \ + --with-crypto=openssl \ + --enable-fpm \ + --enable-rpki \ + %{?with_grpc:--enable-grpc} + +%make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3} + +# Build info documentation +%make_build -C doc info + +#SELinux policy +%if 0%{?with_selinux} +make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp +bzip2 -9 selinux/%{name}.pp +%endif + +%install +mkdir -p %{buildroot}%{_sysconfdir}/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \ + %{buildroot}%{_localstatedir}/log/frr %{buildroot}%{_infodir} \ + %{buildroot}%{_unitdir} + +mkdir -p -m 0755 %{buildroot}%{_libdir}/frr +mkdir -p %{buildroot}%{_tmpfilesdir} +mkdir -p %{buildroot}%{_sysusersdir} + +%make_install + +# Remove this file, as it is uninstalled and causes errors when building on RH9 +rm -rf %{buildroot}%{_infodir}/dir + +install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf +install -p -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf +install -p -m 644 tools/etc/frr/daemons %{buildroot}%{_sysconfdir}/frr/daemons +install -p -m 644 tools/frr.service %{buildroot}%{_unitdir}/frr.service +install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/frr +install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh +install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh + +install -p -m 644 redhat/frr.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/frr +install -p -m 644 redhat/frr.pam %{buildroot}%{_sysconfdir}/pam.d/frr +install -d -m 775 %{buildroot}/run/frr + +%if 0%{?with_selinux} +install -D -m 644 selinux/%{name}.pp.bz2 \ + %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if +%endif + +# Delete libtool archives +find %{buildroot} -type f -name "*.la" -delete -print + +#Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed +rm %{buildroot}%{_libdir}/frr/*.so +rm -r %{buildroot}%{_includedir}/frr/ + +%pre +%sysusers_create_package %{name} %{SOURCE2} + +%post +%systemd_post frr.service + +# Create dummy files if they don't exist so basic functions can be used. +if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then + echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf + chown frr:frr %{_sysconfdir}/frr/frr.conf + chmod 640 %{_sysconfdir}/frr/frr.conf +fi + +#still used by vtysh, this way no error is produced when using vtysh +if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then + touch %{_sysconfdir}/frr/vtysh.conf + chmod 640 %{_sysconfdir}/frr/vtysh.conf + chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf +fi + +%postun +%systemd_postun_with_restart frr.service + +%preun +%systemd_preun frr.service + +#SELinux +%if 0%{?with_selinux} +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} +#/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade +if [ $1 == 2 ]; then + %{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null + %{_sbindir}/restorecon -R /run/frr &> /dev/null +fi + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi + +%endif + +%check +#this should be temporary, the grpc test is just badly designed +rm tests/lib/*grpc* +%make_build check PYTHON=%{__python3} + +%files +%license COPYING +%doc doc/mpls +%dir %attr(750,frr,frr) %{_sysconfdir}/frr +%dir %attr(755,frr,frr) %{_localstatedir}/log/frr +%dir %attr(755,frr,frr) /run/frr +%{_infodir}/*info* +%{_mandir}/man1/frr.1* +%{_mandir}/man1/vtysh.1* +%{_mandir}/man8/frr-*.8* +%{_mandir}/man8/mtracebis.8* +%dir %{frr_libdir}/ +%{frr_libdir}/* +%{_bindir}/mtracebis +%{_bindir}/vtysh +%dir %{_libdir}/frr +%{_libdir}/frr/*.so.* +%dir %{_libdir}/frr/modules +%{_libdir}/frr/modules/* +%config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/frr +%config(noreplace) %attr(644,frr,frr) %{_sysconfdir}/frr/daemons +%config(noreplace) %{_sysconfdir}/pam.d/frr +%{_unitdir}/*.service +%dir %{_datadir}/frr-yang +%{_datadir}/frr-yang/*.yang +%{_tmpfilesdir}/%{name}.conf +%{_sysusersdir}/%{name}.conf + +%if 0%{?with_selinux} +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.* +%{_datadir}/selinux/devel/include/distributed/%{name}.if +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + +%changelog +* Mon Aug 12 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-1 +- New version 10.1 + +* Wed Jul 31 2024 Michal Ruprich <mruprich@redhat.com> - 10.0.1-1 +- New version 10.0.1 + +* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Apr 17 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-4 +- Moving yang modules to frr specific dir to avoid conflicts +- Adding rpminspect.yaml + +* Sat Feb 24 2024 Paul Wouters <paul.wouters@aiven.io> - 9.1-3 +- Rebuild for libre2.so.11 bump + +* Sun Feb 04 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1-2 +- Rebuilt for abseil-cpp-20240116.0 + +* Thu Jan 25 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-1 +- New version 9.1 + +* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Oct 16 2023 Michal Ruprich <mruprich@redhat.com> - 9.0.1-1 +- New version 9.0.1 + +* Fri Sep 01 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-4 +- Adding a couple of SELinux rules, includes fix for rhbz#2149299 + +* Wed Aug 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.5.2-3 +- Rebuilt for abseil-cpp 20230802.0 + +* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jun 30 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-1 +- New version 8.5.2 +- Fixing some rpmlint warnings + +* Mon Jun 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-4 +- Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces. + +* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 8.5.1-3 +- Disable grpc in RHEL builds + +* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 8.5.1-2 +- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) + +* Wed Apr 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-1 +- New version 8.5.1 + +* Wed Apr 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.5-1 +- New version 8.5 + +* Thu Mar 23 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-5 +- Rebuilding for new abseil-cpp version + +* Wed Mar 22 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-4 +- SPDX migration + +* Wed Mar 08 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.4.2-3 +- Build as C++17, required by abseil-cpp 20230125 + +* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jan 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-1 +- New version 8.4.2 + +* Fri Nov 25 2022 Michal Ruprich <mruprich@redhat.com> - 8.4.1-1 +- New version 8.4.1 +- Fix for rhbz #2140705 + +* Thu Nov 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.4-1 +- New version 8.4 + +* Fri Sep 16 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5 +- Adding SELinux rule to enable zebra to write to sysctl_net_t +- Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t + +* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4 +- Fixing an error in post scriptlet + +* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3 +- Resolves: #2124254 - frr can no longer update routes + +* Wed Sep 07 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2 +- Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr +- Better handling FRR files during upgrade + +* Tue Sep 06 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1 +- New version 8.3.1 + +* Mon Aug 22 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-10 +- Rebuilding for new abseil-cpp and grpc updates + +* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-9 +- Adding vrrpd and pathd as daemons to the policy + +* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-8 +- Finalizing SELinux policy + +* Tue Aug 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-7 +- Fixing wrong path for vtysh in frr.fc + +* Fri Jul 29 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 8.2.2-6 +- Rebuild with abseil-cpp-20211102.0-4.fc37 (RHBZ#2108658) + +* Wed Jul 27 2022 Michal Ruprich - 8.2.2-5 +- Packaging SELinux policy for FRR + +* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.2.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue May 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-3 +- Rebuild for grpc-1.46.1 + +* Mon Apr 11 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-2 +- Fix for CVE-2022-16126 + +* Tue Mar 15 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-1 +- New version 8.2.2 + +* Thu Mar 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2-2 +- Rebuild for abseil-cpp 20211102.0 + +* Wed Mar 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.2-1 +- New version 8.2 (rhbz#2020439) +- Resolves: #2011868 - systemctl frr reload does not stop daemons that are not enabled in /etc/frr/daemons + +* Tue Feb 01 2022 Michal Ruprich <mruprich@redhat.com> - 8.0.1-11 +- Rebuilding for FTBFS in Rawhide(rhbz#2045399) + +* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Sat Jan 08 2022 Miro Hrončok <mhroncok@redhat.com> - 8.0.1-9 +- Rebuilt for libre2.so.9 + +* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 8.0.1-8 +- Rebuilt for protobuf 3.19.0 + +* Mon Oct 25 2021 Adrian Reber <adrian@lisas.de> - 8.0.1-7 +- Rebuilt for protobuf 3.18.1 + +* Fri Oct 15 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-6 +- Obsoleting quagga so that it may be retired + +* Thu Oct 07 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-5 +- Rebuilding for grpc 1.41 + +* Thu Sep 30 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-4 +- Rebuild for new version of libyang + +* Sat Sep 18 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 8.0.1-3 +- Rebuild for grpc 1.40 + +* Thu Sep 16 2021 Sahana Prasad <sahana@redhat.com> - 8.0.1-2 +- Rebuilt with OpenSSL 3.0.0 + +* Thu Sep 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-1 +- New version 8.0.1 + +* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 8.0-2 +- Rebuilt with OpenSSL 3.0.0 + +* Wed Aug 11 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-1 +- New version 8.0 + +* Wed Aug 04 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 7.5.1-9 +- Rebuild for grpc 1.39 + +* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jul 20 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7 +- Resolves: #1983278 - ospfd crashes in route_node_delete with assertion fail + +* Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> - 7.5.1-6 +- Rebuild for versioned symbols in json-c + +* Wed Jul 07 2021 Neal Gompa <ngompa@datto.com> - 7.5.1-5 +- Clean up the spec file for legibility and modern spec standards +- Remove unneeded info scriptlets +- Use systemd-sysusers for frr user and frrvty group +- Use git-core instead of git for applying patches +- Drop redundant build dependencies + +* Wed Jul 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4 +- Rebuild for newer abseil-cpp + +* Tue May 11 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 7.5.1-3 +- Rebuild for grpc 1.37 + +* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2 +- Fixing permissions on config files in /etc/frr +- Enabling integrated configuration option for frr + +* Fri Mar 12 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1 +- New version 7.5.1 +- Enabling grpc, adding hostname for post scriptlet +- Moving files to libexec due to selinux issues + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.5-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3 +- Fixing FTBS - icc options are confusing the new gcc + +* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1 +- New version 7.5 + +* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1 +- New version 7.4 + +* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4 +- Rebuilt for new net-snmp release + +* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1 +- New version 7.3.1 +- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773) + +* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6 +- Removing texi2html, it is not available in Rawhide anymore + +* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5 +- Rebuild for new version of libyang + +* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4 +- Rebuild (json-c) + +* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3 +- Update json-c-0.14 patch with a solution from upstream + +* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2 +- Add support for upcoming json-c 0.14.0 + +* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1 +- New version 7.3 + +* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1 +- New version 7.2 + +* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5 +- Rebuilding for new version of libyang + +* Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4 +- Adding noreplace to the /etc/frr/daemons file + +* Fri Sep 13 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-3 +- New way of finding python version during build +- Replacing crypto of all routing daemons with openssl +- Disabling EIGRP crypto because it is broken +- Disabling crypto in FIPS mode + +* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jun 25 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-1 +- New version 7.1 + +* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2 +- Initial build @@ -0,0 +1,125 @@ +policy_module(frr, 1.0.0) + +######################################## +# +# Declarations +# + +type frr_t; +type frr_exec_t; +init_daemon_domain(frr_t, frr_exec_t) + +type frr_log_t; +logging_log_file(frr_log_t) + +type frr_tmp_t; +files_tmp_file(frr_tmp_t) + +type frr_lock_t; +files_lock_file(frr_lock_t) + +type frr_conf_t; +files_config_file(frr_conf_t) + +type frr_unit_file_t; +systemd_unit_file(frr_unit_file_t) + +type frr_var_run_t; +files_pid_file(frr_var_run_t) + +######################################## +# +# frr local policy +# +allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin }; +allow frr_t self:netlink_route_socket rw_netlink_socket_perms; +allow frr_t self:packet_socket create_socket_perms; +allow frr_t self:process { setcap setpgid }; +allow frr_t self:rawip_socket create_socket_perms; +allow frr_t self:tcp_socket { connect connected_stream_socket_perms }; +allow frr_t self:udp_socket create_socket_perms; +allow frr_t self:unix_stream_socket connectto; + +allow frr_t frr_conf_t:dir list_dir_perms; +manage_files_pattern(frr_t, frr_conf_t, frr_conf_t) +read_lnk_files_pattern(frr_t, frr_conf_t, frr_conf_t) + +manage_dirs_pattern(frr_t, frr_log_t, frr_log_t) +manage_files_pattern(frr_t, frr_log_t, frr_log_t) +manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t) +logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file }) + +allow frr_t frr_tmp_t:file map; +manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t) +manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t) +files_tmp_filetrans(frr_t, frr_tmp_t, { file dir }) + +manage_files_pattern(frr_t, frr_lock_t, frr_lock_t) +manage_lnk_files_pattern(frr_t, frr_lock_t, frr_lock_t) +files_lock_filetrans(frr_t, frr_lock_t, { file lnk_file }) + +manage_dirs_pattern(frr_t, frr_var_run_t, frr_var_run_t) +manage_files_pattern(frr_t, frr_var_run_t, frr_var_run_t) +manage_lnk_files_pattern(frr_t, frr_var_run_t, frr_var_run_t) +manage_sock_files_pattern(frr_t, frr_var_run_t, frr_var_run_t) +files_pid_filetrans(frr_t, frr_var_run_t, { dir file lnk_file }) + +allow frr_t frr_exec_t:dir search_dir_perms; +can_exec(frr_t, frr_exec_t) + +kernel_read_network_state(frr_t) +kernel_rw_net_sysctls(frr_t) +kernel_read_system_state(frr_t) +kernel_request_load_module(frr_t) + +auth_use_nsswitch(frr_t) + +corecmd_exec_bin(frr_t) + +corenet_tcp_bind_appswitch_emp_port(frr_t) +corenet_udp_bind_bfd_control_port(frr_t) +corenet_udp_bind_bfd_echo_port(frr_t) +corenet_udp_bind_bfd_multi_port(frr_t) +corenet_tcp_bind_bgp_port(frr_t) +corenet_tcp_connect_bgp_port(frr_t) +corenet_tcp_bind_cmadmin_port(frr_t) +corenet_udp_bind_cmadmin_port(frr_t) +corenet_tcp_bind_firepower_port(frr_t) +corenet_tcp_bind_generic_port(frr_t) +corenet_tcp_bind_priority_e_com_port(frr_t) +corenet_udp_bind_router_port(frr_t) +corenet_tcp_bind_qpasa_agent_port(frr_t) +corenet_tcp_bind_smntubootstrap_port(frr_t) +corenet_tcp_bind_versa_tek_port(frr_t) +corenet_tcp_bind_zebra_port(frr_t) + +domain_use_interactive_fds(frr_t) + +fs_read_nsfs_files(frr_t) + +sysnet_exec_ifconfig(frr_t) +sysnet_read_ifconfig_run_files(frr_t) +sysnet_watch_ifconfig_run_dirs(frr_t) + +ipsec_domtrans_mgmt(frr_t) + +userdom_read_admin_home_files(frr_t) + +optional_policy(` + logging_send_syslog_msg(frr_t) +') + +optional_policy(` + modutils_exec_kmod(frr_t) + modutils_getattr_module_deps(frr_t) + modutils_read_module_config(frr_t) + modutils_read_module_deps_files(frr_t) +') + +optional_policy(` + networkmanager_read_state(frr_t) +') + +optional_policy(` + userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr") +') @@ -0,0 +1 @@ +6467984e7621f8b8604004839bf9a728 frr-10.1.tar.gz |