We went back and reread the bindreservport code in glibc.
Turns out the range or ports that this will reserve are 512-1024 rather
then 600-1024.
The code actually first tries to reserve a port from 600-1024 and if
they are ALL reserved will try 512-599.
So we need to change corenetwork to reflect this.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: corenetwork.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100714/dcb7a106/attachment.pl
On 07/14/10 08:47, Daniel J Walsh wrote:
> We went back and reread the bindreservport code in glibc.
>
> Turns out the range or ports that this will reserve are 512-1024 rather
> then 600-1024.
>
> The code actually first tries to reserve a port from 600-1024 and if
> they are ALL reserved will try 512-599.
>
> So we need to change corenetwork to reflect this.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com