From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sat, 13 Aug 2011 21:11:06 +0200 Subject: [refpolicy] [PATCH 1/1] Allow NFS daemon to listen on an UDP port Message-ID: <20110813191106.GA19074@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Support for binding to the UDP port is already applied to the tree, but I guess this little patch fell off the stack ;-) To support NFS over UDP, we should allow rpcd_t to listen on a udp_socket. Signed-off-by: Sven Vermeulen --- policy/modules/services/rpc.te | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te index 62fca97..3c069d4 100644 --- a/policy/modules/services/rpc.te +++ b/policy/modules/services/rpc.te @@ -61,6 +61,7 @@ files_mountpoint(var_lib_nfs_t) allow rpcd_t self:capability { sys_admin chown dac_override setgid setuid }; allow rpcd_t self:process { getcap setcap }; allow rpcd_t self:fifo_file rw_fifo_file_perms; +allow rpcd_t self:udp_socket { listen }; allow rpcd_t rpcd_var_run_t:dir setattr; manage_files_pattern(rpcd_t, rpcd_var_run_t, rpcd_var_run_t) -- 1.7.3.4
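Review bot: the added line `allow rpcd_t self:udp_socket { listen };` grants a permission that the commit message does not back with an AVC denial, and `listen` is unusual on a datagram socket, since listen(2) applies to connection-oriented socket types. Please quote the denial in the message (scontext, tcontext, tclass=udp_socket and the comm that triggered it) so the grant can be checked against what the NFS daemon actually does. On style, the braces around a single permission are unnecessary: `allow rpcd_t self:udp_socket listen;` is equivalent. If rpc.te already carries a `self:udp_socket` rule outside the visible context, the permission belongs in that set rather than in a separate rule.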