From 23a0cb85e78deca55835b7e4964a8c19d6aa508e Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Sat, 30 May 2015 16:42:54 +0400
Subject: portage: connect all unreserved for FTP PASV mode.

FTP PASV mode does not use specific ports, so the only way is to allow all unreserved.

avc: denied { name_connect } for pid=5274 comm="wget" dest=26213 scontext=root:sysadm_r:portage_fetch_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=0

Gentoo bug 540056
---
 policy/modules/contrib/portage.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index 83d6ab4a9..2e8ab9e53 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -295,6 +295,8 @@ corenet_sendrecv_rsync_client_packets(portage_fetch_t)
 # it occasionally comes up
 corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
 corenet_tcp_connect_generic_port(portage_fetch_t)
+# bug 540056
+corenet_tcp_connect_all_unreserved_ports(portage_fetch_t)
 
 dev_dontaudit_read_rand(portage_fetch_t)
 
-- 
cgit v1.2.3-65-gdbad
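Review bot: The added `corenet_tcp_connect_all_unreserved_ports(portage_fetch_t)` line is documented only as `# bug 540056`, which does not tell a policy reader why the fetch domain needs such a broad grant. Together with the two context lines above it (all reserved ports and the generic port), portage_fetch_t can now open TCP connections to what appears to be essentially any destination port, so the policy no longer limits the fetcher's outbound connections by port. I would say so in the comment, e.g. `# FTP PASV data connections use arbitrary unreserved ports (Gentoo bug 540056)`, and consider placing the rule inside a `tunable_policy` block so that sites fetching only over HTTP(S) or rsync can keep the narrower policy. The portage_fetch_t rule block starts and ends outside the hunk.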