selinux-policy/fix_userdomain.patch

Index: fedora-policy-20220624/policy/modules/system/userdomain.if
===================================================================
--- fedora-policy-20220624.orig/policy/modules/system/userdomain.if
+++ fedora-policy-20220624/policy/modules/system/userdomain.if
@@ -1497,6 +1497,7 @@ tunable_policy(`deny_bluetooth',`',`
 
 	# port access is audited even if dac would not have allowed it, so dontaudit it here
 #	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
+	corenet_dontaudit_udp_bind_all_rpc_ports($1_t)
 	# Need the following rule to allow users to run vpnc
 	corenet_tcp_bind_xserver_port($1_t)
 	corenet_tcp_bind_generic_node($1_usertype)
Accepting request 988924 from home:jsegitz:branches:security:SELinux - Update fix_systemd.patch to add sys_admin systemd_gpt_generator_t (bsc#1200911) - postfix: Label PID files and some helpers correctly (bsc#1197242) - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) OBS-URL: https://build.opensuse.org/request/show/988924 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=134 2022-07-13 10:15:29 +02:00			`Index: fedora-policy-20220624/policy/modules/system/userdomain.if`
			`===================================================================`
			`--- fedora-policy-20220624.orig/policy/modules/system/userdomain.if`
			`+++ fedora-policy-20220624/policy/modules/system/userdomain.if`
			@@ -1497,6 +1497,7 @@ tunable_policy(`deny_bluetooth',`',`

			`# port access is audited even if dac would not have allowed it, so dontaudit it here`
			`# corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)`
			`+ corenet_dontaudit_udp_bind_all_rpc_ports($1_t)`
			`# Need the following rule to allow users to run vpnc`
			`corenet_tcp_bind_xserver_port($1_t)`
			`corenet_tcp_bind_generic_node($1_usertype)`