BZ 739708 Selinux fix for ephemeral ports

author: Ade Lee <alee@redhat.com> 2012-02-23 17:49:29 -0500
committer: Ade Lee <alee@redhat.com> 2012-02-23 21:07:09 -0500
commit: 517c6f70fb15b3d0b2a9b17418ca5dbddc419520 (patch)
tree: 11e349b3e0d58d787543307b0b6da8f443833705
parent: 6ac435844ebde7ec25937f2e6285f723851c04fa (diff)
download: pki-517c6f70fb15b3d0b2a9b17418ca5dbddc419520.tar.gz
pki-517c6f70fb15b3d0b2a9b17418ca5dbddc419520.tar.xz
pki-517c6f70fb15b3d0b2a9b17418ca5dbddc419520.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 47e34e861..0709176ea 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -192,6 +192,9 @@ template(`pki_ca_template',`
         #connect to ldap
         corenet_tcp_connect_ldap_port($1_t)
 
+        # tomcat connects to ephemeral ports on shutdown
+        corenet_tcp_connect_all_unreserved_ports($1_t)
+
         optional_policy(`
             #This is broken in selinux-policy we need java_exec defined, Will add to policy
             gen_require(`
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index 56e8dacf3..089859c85 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,9.0.1)
+policy_module(pki,9.0.2)
 
 attribute pki_ca_config;
 attribute pki_ca_executable;
author	Ade Lee <alee@redhat.com>	2012-02-23 17:49:29 -0500
committer	Ade Lee <alee@redhat.com>	2012-02-23 21:07:09 -0500
commit	517c6f70fb15b3d0b2a9b17418ca5dbddc419520 (patch)
tree	11e349b3e0d58d787543307b0b6da8f443833705
parent	6ac435844ebde7ec25937f2e6285f723851c04fa (diff)
download	pki-517c6f70fb15b3d0b2a9b17418ca5dbddc419520.tar.gz pki-517c6f70fb15b3d0b2a9b17418ca5dbddc419520.tar.xz pki-517c6f70fb15b3d0b2a9b17418ca5dbddc419520.zip