From f6c6e703eba75f663b4459422da44cdb66f2b44e Mon Sep 17 00:00:00 2001 From: luhuaxin <1539327763@qq.com> Date: Thu, 27 May 2021 20:46:18 +0800 Subject: [PATCH] allow rpcbind to bind all port --- allow-rpcbind-to-bind-all-port.patch | 24 ++++++++++++++++++++++++ selinux-policy.spec | 6 +++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 allow-rpcbind-to-bind-all-port.patch diff --git a/allow-rpcbind-to-bind-all-port.patch b/allow-rpcbind-to-bind-all-port.patch new file mode 100644 index 0000000..ee07e75 --- /dev/null +++ b/allow-rpcbind-to-bind-all-port.patch @@ -0,0 +1,24 @@ +From 9c6736b1920930c116a859d5002966c8d8e87dcf Mon Sep 17 00:00:00 2001 +From: luhuaxin <1539327763@qq.com> +Date: Thu, 27 May 2021 20:06:28 +0800 +Subject: [PATCH] allow rpcbind to bind all port + +--- + policy/modules/contrib/rpcbind.te | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/policy/modules/contrib/rpcbind.te b/policy/modules/contrib/rpcbind.te +index bc7a4fa..3a87568 100644 +--- a/policy/modules/contrib/rpcbind.te ++++ b/policy/modules/contrib/rpcbind.te +@@ -67,6 +67,7 @@ corenet_sendrecv_all_server_packets(rpcbind_t) + corenet_tcp_bind_portmap_port(rpcbind_t) + corenet_udp_bind_portmap_port(rpcbind_t) + corenet_udp_bind_all_rpc_ports(rpcbind_t) ++corenet_udp_bind_all_ports(rpcbind_t) + + corecmd_exec_shell(rpcbind_t) + +-- +1.8.3.1 + diff --git a/selinux-policy.spec b/selinux-policy.spec index e6e3aa2..fd87081 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -12,7 +12,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 65 +Release: 66 License: GPLv2+ URL: https://github.com/fedora-selinux/selinux-policy/ 
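Review bot: The added `corenet_udp_bind_all_ports(rpcbind_t)` in rpcbind.te lets rpcbind_t bind every UDP port type, including reserved ports and ports labelled for other services. That is much wider than the `corenet_udp_bind_portmap_port` and `corenet_udp_bind_all_rpc_ports` rules just above it, and it makes both redundant. Neither the commit message nor the embedded patch says which AVC denial this answers; if it is rpcbind picking an arbitrary high UDP port, a narrower grant such as `corenet_udp_bind_all_unreserved_ports(rpcbind_t)` would likely cover it while keeping ports below 1024 out of reach. Please record the denied port or port type in the patch description so the scope can be checked against it. The rule list continues outside the hunk, so other bind rules for rpcbind_t may exist that are not visible here.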
@@ -72,6 +72,7 @@ Patch19: add-allow-systemd-timedated-to-unlink-etc-link.patch Patch20: add-avc-for-openEuler-1.patch Patch21: backport-systemd-allow-all-systemd-services-to-check-selinux-.patch Patch22: backport-Allow-dovecot-bind-to-smtp-ports.patch +Patch23: allow-rpcbind-to-bind-all-port.patch BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc @@ -737,6 +738,9 @@ exit 0 %endif %changelog +* Thu Mar 27 2021 luhuaxin <1539327763@qq.com> - 3.14.2-66 +- allow rpcbind to bind all port + * Fri Mar 5 2021 luhuaxin <1539327763@qq.com> - 3.14.2-65 - selinux_requires macro shouldn't depend on policycoreutils-python - add avc for allowing systemd services to check selinux status