repair service startup failed

zhouwenpei 2023-11-21 03:15:35 +00:00
parent 1c51ca97bd
commit 2d3fb6daaf
2 changed files with 50 additions and 1 deletions

41
fix-selinux-err.patch Normal file

@ -0,0 +1,41 @@
From 3b35964c7da2a4000486c57e2c347c8cc67ac393 Mon Sep 17 00:00:00 2001
Date: Wed, 1 Sep 2021 16:54:34 +0800
Subject: [PATCH] openvswitch-2
---
selinux/openvswitch-custom.te.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index b2c63ab..8f76c14 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -15,10 +15,12 @@ require {
type ifconfig_exec_t;
type init_t;
type init_var_run_t;
+ type initrc_t;
type insmod_exec_t;
type kernel_t;
type hostname_exec_t;
type modules_conf_t;
+ type modules_dep_t;
type modules_object_t;
type passwd_file_t;
type plymouth_exec_t;
@@ -117,10 +119,12 @@ allow openvswitch_t openvswitch_load_module_t:process transition;
allow openvswitch_load_module_t bin_t:file { execute execute_no_trans map };
allow openvswitch_load_module_t init_t:unix_stream_socket { getattr ioctl read write };
allow openvswitch_load_module_t init_var_run_t:dir { getattr read open search };
+allow openvswitch_load_module_t initrc_t:fifo_file ioctl;
allow openvswitch_load_module_t insmod_exec_t:file { execute execute_no_trans getattr map open read };
allow openvswitch_load_module_t kernel_t:system module_request;
allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search };
allow openvswitch_load_module_t modules_conf_t:file { getattr open read };
+allow openvswitch_load_module_t modules_dep_t:file { getattr map open read };
allow openvswitch_load_module_t modules_object_t:file { map getattr open read };
allow openvswitch_load_module_t modules_object_t:dir { getattr open read search };
allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint };
--
2.27.0
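Review bot: The two new `allow` rules for `openvswitch_load_module_t` carry no record of the AVC denials that motivated them, and the patch subject (`openvswitch-2`) does not describe them either, so a later reviewer cannot tell which rule actually repairs service startup. The `initrc_t:fifo_file ioctl` grant in particular looks like a terminal check on a pipe inherited from the init script rather than something module loading needs; if that is the case, `dontaudit openvswitch_load_module_t initrc_t:fifo_file ioctl;` would silence the denial without widening the domain. The `modules_dep_t:file { getattr map open read }` rule is read-only and presumably covers the module dependency index, which seems a proportionate grant. I would add a one-line comment above each rule quoting the denial it answers, e.g. `# AVC: <denied permission, scontext, tcontext from audit.log>`.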


@ -3,7 +3,7 @@ Summary: Production Quality, Multilayer Open Virtual Switch
URL: http://www.openvswitch.org/
Version: 2.12.4
License: ASL 2.0 and ISC
Release: 6
Release: 7
Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz
Buildroot: /tmp/openvswitch-rpm
Patch0000: 0000-openvswitch-add-stack-protector-strong.patch
@ -14,6 +14,8 @@ Patch0004: backport-CVE-2022-4338.patch
Patch0005: backport-CVE-2023-1668.patch
Patch0006: backport-CVE-2023-5366.patch
Patch9000: fix-selinux-err.patch
Requires: %{name}-help
Requires: logrotate hostname python >= 2.7 python2-six selinux-policy-targeted libsepol >= 3.1
BuildRequires: python2-six, openssl-devel checkpolicy selinux-policy-devel autoconf automake libtool python-sphinx unbound-devel
@ -285,6 +287,12 @@ exit 0
%doc LICENSE
%changelog
* Tue Nov 21 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.4-7
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:repair service startup failed
* Sat Oct 07 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.4-6
- fix CVE-2023-5366