From 0df68f85d453e5fb087a2cf04dc5d3ce4bcdff01 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Thu, 23 Feb 2012 17:49:29 -0500
Subject: BZ 739708 Selinux fix for ephemeral ports
---
 pki/base/selinux/src/pki.if | 3 +++
 pki/base/selinux/src/pki.te | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 47e34e861..0709176ea 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -192,6 +192,9 @@ template(`pki_ca_template',`
  #connect to ldap
  corenet_tcp_connect_ldap_port($1_t)
+ # tomcat connects to ephemeral ports on shutdown
+ corenet_tcp_connect_all_unreserved_ports($1_t)
+
  optional_policy(`
  #This is broken in selinux-policy we need java_exec defined, Will add to policy
  gen_require(`
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index f506553ee..7f6e65738 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.1)
+policy_module(pki,10.0.2)
 attribute pki_ca_config;
 attribute pki_ca_executable;
-- 
cgit
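Review bot: The added `corenet_tcp_connect_all_unreserved_ports($1_t)` in pki_ca_template grants outbound TCP connect to every port labelled as unreserved, which is much wider than the shutdown case the comment describes. Because the rule sits in the template, every domain instantiated from it inherits the grant, so a compromised instance could open connections to any local or remote service on a high port. If the shutdown connection targets a known, configured port, consider giving that port a PKI-specific type and allowing `name_connect` on that type only. If the broad grant has to stay, the comment should record why, for example `# BZ 739708: tomcat shutdown connects to an unlabelled high port; broad grant, narrow once the port is labelled`. The template body starts and continues outside this hunk, so other rules may already cover part of this.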