feat: add mpls ldp to frrouting module
- update frr templates (add ldp/mpls) - add params to frr class to manage mpls ldp - add sysctl settings to hieradata for mpls - load kernel modules for mpls - add selinux module for frr
@@ -0,0 +1,47 @@
|
||||
# this is a modification to frr-selinux that ships with EL9, adding support for frr10
|
||||
class profiles::selinux::frr {
|
||||
|
||||
$frr_te_content = @("EOF")
|
||||
module frr_local 1.0;
|
||||
|
||||
require {
|
||||
type frr_t;
|
||||
type initrc_t;
|
||||
type kernel_t;
|
||||
type var_run_t;
|
||||
type frr_tmp_t;
|
||||
type frr_var_run_t;
|
||||
type init_t;
|
||||
class unix_stream_socket connectto;
|
||||
class system module_request;
|
||||
class sock_file { getattr write };
|
||||
class dir { add_name write };
|
||||
class file { create write open };
|
||||
class process setpgid;
|
||||
}
|
||||
|
||||
#============= frr_t ==============
|
||||
allow frr_t initrc_t:unix_stream_socket connectto;
|
||||
allow frr_t kernel_t:system module_request;
|
||||
allow frr_t var_run_t:sock_file { getattr write };
|
||||
|
||||
#============= init_t ==============
|
||||
allow init_t frr_tmp_t:dir add_name;
|
||||
allow init_t frr_var_run_t:dir { write add_name };
|
||||
allow init_t frr_var_run_t:file { create open write };
|
||||
allow init_t self:process setpgid;
|
||||
| EOF
|
||||
|
||||
selinux::module { 'frr_local':
|
||||
ensure => 'present',
|
||||
content_te => $frr_te_content,
|
||||
builder => 'simple',
|
||||
before => Service['frr'],
|
||||
}
|
||||
|
||||
selboolean { 'domain_can_mmap_files':
|
||||
value => 'on',
|
||||
persistent => true,
|
||||
before => Service['frr'],
|
||||
}
|
||||
}
|
||||
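Review bot: The `selboolean { 'domain_can_mmap_files': value => 'on' }` resource at the end of the class flips a host-wide boolean, so every confined domain on the node gets the broader mmap allowance, not only FRR. If the denial behind it was for `frr_t`, a narrower fix is to grant `map` on the specific file type inside `frr_local`, e.g. `allow frr_t <denied_type>:file map;` with the type taken from the AVC record and `map` added to the `class file` line in `require`, and to leave the boolean unmanaged. Separately, `allow frr_t initrc_t:unix_stream_socket connectto;`, the generic `var_run_t:sock_file` rule and the four `init_t` rules look like audit2allow output for a process or socket that is not carrying an FRR label. If that is the case, correcting the file contexts for the frr10 binaries and runtime paths would be preferable to widening `init_t`. A short comment on each allow rule naming the denial it answers would also make the module easier to re-audit on the next FRR upgrade.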