BZ 739708 Selinux fix for ephemeral ports

author: Ade Lee <alee@redhat.com> 2012-02-23 17:49:29 -0500
committer: Ade Lee <alee@redhat.com> 2012-02-23 21:02:02 -0500
commit: 0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01 (patch)
tree: d13f6939bf117a2494b738f71f7a5fa07096527b /pki/base
parent: 5d293f5e51a1c79ea1727431cda6a5d17f1378c5 (diff)
download: pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.tar.gz
pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.tar.xz
pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 47e34e861..0709176ea 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -192,6 +192,9 @@ template(`pki_ca_template',`
         #connect to ldap
         corenet_tcp_connect_ldap_port($1_t)
 
+        # tomcat connects to ephemeral ports on shutdown
+        corenet_tcp_connect_all_unreserved_ports($1_t)
+
         optional_policy(`
             #This is broken in selinux-policy we need java_exec defined, Will add to policy
             gen_require(`
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index f506553ee..7f6e65738 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.1)
+policy_module(pki,10.0.2)
 
 attribute pki_ca_config;
 attribute pki_ca_executable;
author	Ade Lee <alee@redhat.com>	2012-02-23 17:49:29 -0500
committer	Ade Lee <alee@redhat.com>	2012-02-23 21:02:02 -0500
commit	0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01 (patch)
tree	d13f6939bf117a2494b738f71f7a5fa07096527b /pki/base
parent	5d293f5e51a1c79ea1727431cda6a5d17f1378c5 (diff)
download	pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.tar.gz pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.tar.xz pki-0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01.zip