diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
index 6ceddc8..5ef5f78 100644
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@@ -77,10 +77,9 @@ type $1_node_t alias node_$1_t, node_type;
 declare_nodes($1_node_t,shift($*))
 ')
 
+# bindresvport in glibc starts searching for reserved ports at 600
 define(`declare_ports',`dnl
-ifelse(eval(range_start($3) < 1024),1,`
-typeattribute $1 reserved_port_type;
-#bindresvport in glibc starts searching for reserved ports at 600
+ifelse(eval(range_start($3) < 1024),1,`typeattribute $1 reserved_port_type;
 ifelse(eval(range_start($3) >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
 ',`dnl')
 portcon $2 $3 gen_context(system_u:object_r:$1,$4)
@@ -94,7 +93,7 @@ define(`network_port',`
 type $1_port_t, port_type;
 type $1_client_packet_t, packet_type, client_packet_type;
 type $1_server_packet_t, packet_type, server_packet_type;
-declare_ports($1_port_t,shift($*))
+declare_ports($1_port_t,shift($*))dnl
 ')
 
 #
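Review bot: In the first hunk, `declare_ports` still decides both attributes from `range_start($3)` alone, so a port range that begins below 1024 and ends above it would presumably be tagged `reserved_port_type` as a whole, and a range that begins below 600 never gets `rpc_port_type` even if it extends into 600-1023. `range_start` is defined outside this diff, so confirm how it treats ranges before relying on these attributes in bind rules. The relocated comment also no longer sits beside the threshold it explains and does not say which attribute depends on 600; consider `# Ports below 1024 get reserved_port_type; those starting at 600 or above also get rpc_port_type, since bindresvport in glibc starts searching for reserved ports at 600`. The body of `declare_ports` continues past the end of the hunk.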