selinux-policy/Fixing-range-for-ephemeral-ports-BZ-1518807.patch
2019-09-30 11:16:49 -04:00


From f135894a52444d4912050f7b4d449f495241e791 Mon Sep 17 00:00:00 2001
From: Lukas Vrabec <lvrabec@redhat.com>
Date: Wed, 12 Dec 2018 15:55:16 +0100
Subject: [PATCH 043/109] Fixing range for ephemeral ports BZ(1518807)
Range of ephemeral ports is 32768-60999 based on:
# sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768 60999
---
policy/modules/kernel/corenetwork.te.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index ff8ce41e8..b9b1f21e9 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -398,10 +398,10 @@ portcon tcp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
portcon udp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
portcon sctp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
portcon tcp 1024-32767 gen_context(system_u:object_r:unreserved_port_t, s0)
-portcon tcp 32768-61000 gen_context(system_u:object_r:ephemeral_port_t, s0)
+portcon tcp 32768-60999 gen_context(system_u:object_r:ephemeral_port_t, s0)
portcon tcp 61001-65535 gen_context(system_u:object_r:unreserved_port_t, s0)
portcon udp 1024-32767 gen_context(system_u:object_r:unreserved_port_t, s0)
-portcon udp 32768-61000 gen_context(system_u:object_r:ephemeral_port_t, s0)
+portcon udp 32768-60999 gen_context(system_u:object_r:ephemeral_port_t, s0)
portcon udp 61001-65535 gen_context(system_u:object_r:unreserved_port_t, s0)
########################################
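Review bot: Port 61000 is left without a matching portcon entry for both tcp and udp in this hunk: the ephemeral range now ends at 60999, but the unchanged context lines `portcon tcp 61001-65535` and `portcon udp 61001-65535` still start the upper unreserved range at 61001. Unless that gap is intended, extend those two lines to `61000-65535` so that 61000 is labeled unreserved_port_t instead of falling through to the default port label. It would also help to note in the commit message that net.ipv4.ip_local_port_range is a runtime-tunable sysctl, so 32768-60999 reflects the value shown there rather than every host's setting.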
--
2.19.1