++##
++## Determine whether swift can
++## connect to all TCP ports
++##
++##
++gen_tunable(swift_can_network, false)
++
++
+type swift_t;
+type swift_exec_t;
+init_daemon_domain(swift_t, swift_exec_t)
@@ -95299,7 +95332,14 @@ index 0000000..9ee77b2
+kernel_read_system_state(swift_t)
+kernel_read_network_state(swift_t)
+
++# bug in swift
++corenet_tcp_bind_xserver_port(swift_t)
++corenet_tcp_bind_http_cache_port(swift_t)
++
++corenet_tcp_connect_xserver_port(swift_t)
++
+corecmd_exec_shell(swift_t)
++corecmd_exec_bin(swift_t)
+
+dev_read_urand(swift_t)
+
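Review bot: The `# bug in swift` comment above the three added corenet rules does not say what the bug is or when the rules can be removed, so these unconditional grants are likely to outlive it. Binding `xserver_port_t` and `http_cache_port_t` lets swift_t listen on ports labelled for other services, presumably because swift's default listener ports fall inside those labelled ranges (to be confirmed). I would replace the comment with something like `# swift's default listeners use ports labelled xserver_port_t/http_cache_port_t; drop once they get their own port type (see <BUG-ID>)`. The added `corecmd_exec_bin(swift_t)` also has no stated reason; next to `corecmd_exec_shell` it lets the domain run any generically labelled binary without a transition, so it deserves a one-line justification as well.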
@@ -95317,6 +95357,12 @@ index 0000000..9ee77b2
+
+userdom_dontaudit_search_user_home_dirs(swift_t)
+
++tunable_policy(`swift_can_network',`
++ corenet_sendrecv_all_client_packets(swift_t)
++ corenet_tcp_connect_all_ports(swift_t)
++ corenet_tcp_sendrecv_all_ports(swift_t)
++')
++
+optional_policy(`
+ rpm_exec(swift_t)
+ rpm_dontaudit_manage_db(swift_t)
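Review bot: The `swift_can_network` block grants `corenet_tcp_connect_all_ports(swift_t)`, which includes reserved ports, so enabling the boolean removes all outbound TCP confinement for the daemon. If the deployments this targets only need to reach back-end services on high ports, `corenet_tcp_connect_all_unreserved_ports(swift_t)` would be a narrower grant; that needs checking against what swift actually connects to. The tunable name also reads broader than the rules, which cover TCP client traffic only, so its description could say that UDP and binding are not included. The `optional_policy` block that follows continues outside the hunk.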
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f199f12..f9ab584 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 168%{?dist}
+Release: 169%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -579,6 +579,11 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Tue Jun 17 2014 Lukas Vrabec