packages/openvswitch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!77 Fix selinux preventing ovs-kmod-ctl err

Browse Source 
From: @shirely16
Reviewed-by: @lujie42,@zengwefeng
Signed-off-by: @zengwefeng
This commit is contained in:
openeuler-ci-bot 2021-09-07 01:11:33 +00:00 committed by Gitee
commit 5c57125861
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
fix-selinux-err.patch Normal file
View File

@ -0,0 +1,41 @@
From 3b35964c7da2a4000486c57e2c347c8cc67ac393 Mon Sep 17 00:00:00 2001
Date: Wed, 1 Sep 2021 16:54:34 +0800
Subject: [PATCH] openvswitch-2
---
selinux/openvswitch-custom.te.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index b2c63ab..8f76c14 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -15,10 +15,12 @@ require {
type ifconfig_exec_t;
type init_t;
type init_var_run_t;
+ type initrc_t;
type insmod_exec_t;
type kernel_t;
type hostname_exec_t;
type modules_conf_t;
+ type modules_dep_t;
type modules_object_t;
type passwd_file_t;
type plymouth_exec_t;
@@ -117,10 +119,12 @@ allow openvswitch_t openvswitch_load_module_t:process transition;
allow openvswitch_load_module_t bin_t:file { execute execute_no_trans map };
allow openvswitch_load_module_t init_t:unix_stream_socket { getattr ioctl read write };
allow openvswitch_load_module_t init_var_run_t:dir { getattr read open search };
+allow openvswitch_load_module_t initrc_t:fifo_file ioctl;
allow openvswitch_load_module_t insmod_exec_t:file { execute execute_no_trans getattr map open read };
allow openvswitch_load_module_t kernel_t:system module_request;
allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search };
allow openvswitch_load_module_t modules_conf_t:file { getattr open read };
+allow openvswitch_load_module_t modules_dep_t:file open;
allow openvswitch_load_module_t modules_object_t:file { map getattr open read };
allow openvswitch_load_module_t modules_object_t:dir { getattr open read search };
allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint };
--
2.27.0

7
openvswitch.spec
View File

@ -6,7 +6,7 @@ Summary: Production Quality, Multilayer Open Virtual Switch
URL: http://www.openvswitch.org/ URL: http://www.openvswitch.org/
Version: 2.12.0 Version: 2.12.0
License: ASL 2.0 and ISC License: ASL 2.0 and ISC
Release: 18 Release: 19
Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz
Buildroot: /tmp/openvswitch-rpm Buildroot: /tmp/openvswitch-rpm
Patch0000: 0000-openvswitch-add-stack-protector-strong.patch Patch0000: 0000-openvswitch-add-stack-protector-strong.patch
@ -19,6 +19,8 @@ Patch0006: CVE-2020-27827.patch
Patch0007: CVE-2015-8011.patch Patch0007: CVE-2015-8011.patch
Patch0008: backport-CVE-2021-36980.patch Patch0008: backport-CVE-2021-36980.patch
Patch9000: fix-selinux-err.patch
Requires: logrotate hostname python >= 3.8 python3-six selinux-policy-targeted Requires: logrotate hostname python >= 3.8 python3-six selinux-policy-targeted
BuildRequires: python3-six, openssl-devel checkpolicy selinux-policy-devel autoconf automake libtool python-sphinx unbound-devel BuildRequires: python3-six, openssl-devel checkpolicy selinux-policy-devel autoconf automake libtool python-sphinx unbound-devel
BuildRequires: python3-devel BuildRequires: python3-devel
@ -288,6 +290,9 @@ exit 0
%doc README.rst NEWS rhel/README.RHEL.rst %doc README.rst NEWS rhel/README.RHEL.rst
%changelog %changelog
* Thu Sep 2 2021 hanhui <hanhui15@huawei.com> - 2.12.0-19
- Fix selinux preventing ovs-kmod-ctl err
* Wed Sep 1 2021 hanhui <hanhui15@huawei.com> - 2.12.0-18 * Wed Sep 1 2021 hanhui <hanhui15@huawei.com> - 2.12.0-18
- Change the OVS startup mode to service startup. - Change the OVS startup mode to service startup.