From 6455c9d6b515ebb49d69dcd91de17f6b60a9df06 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Oct 18 2007 22:33:41 +0000
Subject: - Allow rshd to connect to ports > 1023
---
diff --git a/policy-20070703.patch b/policy-20070703.patch
index 44dd69a..041063d 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -7559,7 +7559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.0.8/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ftp.te 2007-10-04 10:58:28.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/ftp.te 2007-10-18 18:32:54.000000000 -0400
 @@ -88,6 +88,7 @@
 allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
 allow ftpd_t self:tcp_socket create_stream_socket_perms;
@@ -9999,7 +9999,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 userdom_read_unpriv_users_tmp_files(gssd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.0.8/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te 2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/rshd.te 2007-10-18 14:07:32.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/rshd.te 2007-10-18 18:33:05.000000000 -0400
 @@ -16,10 +16,11 @@
 #
 # Local policy
@@ -10018,7 +10018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
 corenet_tcp_bind_all_nodes(rshd_t)
 corenet_tcp_bind_rsh_port(rshd_t)
 +corenet_tcp_bind_all_rpc_ports(rshd_t)
-+corenet_tcp_bind_all_unreserved_ports(rshd_t)
++corenet_tcp_connect_all_ports(rshd_t)
 +corenet_tcp_connect_all_rpc_ports(rshd_t)
 corenet_sendrecv_rsh_server_packets(rshd_t)
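Review bot: `corenet_tcp_connect_all_ports(rshd_t)` in the last hunk (the rshd.te section of the policy patch) lets rshd_t open outbound TCP connections to every port type, which is wider than the "ports > 1023" named in the subject and changelog. If only unreserved ports are needed, `corenet_tcp_connect_all_unreserved_ports(rshd_t)` would match the stated intent, provided this policy version defines that interface; otherwise the changelog should say why a network-facing daemon needs all ports. With the all-ports rule present, `corenet_tcp_connect_all_rpc_ports(rshd_t)` on the following line looks redundant. The rshd.te local-policy block continues outside the hunk, so its other rules are not covered by this note.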
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 70b6e07..fcdf473 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -373,10 +373,12 @@ exit 0
 %endif
 %changelog
+* Thu Oct 16 2007 Dan Walsh 3.0.8-26
+- Allow rshd to connect to ports > 1023
+
 * Thu Oct 16 2007 Dan Walsh 3.0.8-25
 - Fix vpn to bind to port 4500
 - Allow ssh to create shm
-- Allow rshd to bind to ports > 1023
 - Add Kismet policy
 * Tue Oct 16 2007 Dan Walsh 3.0.8-24