summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--frr.fc1
-rw-r--r--frr.spec2
-rw-r--r--frr.te12
-rw-r--r--sources2
5 files changed, 16 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore
index ed82c93..165dfae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
/frr-10.1.tar.gz
/frr-10.1.1.tar.gz
+/frr-10.2.tar.gz
diff --git a/frr.fc b/frr.fc
index 3724f47..881cfee 100644
--- a/frr.fc
+++ b/frr.fc
@@ -6,6 +6,7 @@
/var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0)
/var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0)
+/var/lib/frr(/.*)? gen_context(system_u:object_r:frr_var_lib_t,s0)
/run/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0)
/run/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0)
diff --git a/frr.spec b/frr.spec
index 57f3a74..fb0c05c 100644
--- a/frr.spec
+++ b/frr.spec
@@ -5,7 +5,7 @@
%define _legacy_common_support 1
Name: frr
-Version: 10.1.1
+Version: 10.2
Release: 1%{?dist}
Summary: Routing daemon
License: GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later OR ISC) AND MIT
diff --git a/frr.te b/frr.te
index 13ed9ac..8d39d90 100644
--- a/frr.te
+++ b/frr.te
@@ -27,12 +27,20 @@ systemd_unit_file(frr_unit_file_t)
type frr_var_run_t;
files_pid_file(frr_var_run_t)
+type frr_var_lib_t;
+files_type(frr_var_lib_t)
+
########################################
#
# frr local policy
#
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
+allow frr_t self:netlink_generic_socket create;
+allow frr_t self:netlink_generic_socket setopt;
+allow frr_t self:netlink_generic_socket getopt;
+allow frr_t self:netlink_generic_socket getattr;
+allow frr_t self:netlink_generic_socket bind;
allow frr_t self:packet_socket create_socket_perms;
allow frr_t self:process { setcap setpgid };
allow frr_t self:rawip_socket create_socket_perms;
@@ -49,6 +57,10 @@ manage_files_pattern(frr_t, frr_log_t, frr_log_t)
manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
+manage_dirs_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
+manage_files_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
+files_var_lib_filetrans(frr_t, frr_var_lib_t, { dir file })
+
allow frr_t frr_tmp_t:file map;
manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
diff --git a/sources b/sources
index 42b1f13..4d3f5a0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b74cc20008df814e6c0ad3b0ddd1123b frr-10.1.1.tar.gz
+521294ca653d4a8f54a28fca5f3faba3 frr-10.2.tar.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-21 01:08:29 +0000