Propagate system emphemeral ports to chroot

BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.

Resolves: rhbz#2013595

bind.spec

@@ -30,7 +30,7 @@
 %global        chroot_prefix     %{bind_dir}/chroot
 %global        chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
                                          %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
-                                         %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP
+                                         %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
 
 %global        selinuxbooleans   named_write_master_zones=1
 ## The order of libs is important. See lib/Makefile.in for details
@@ -51,7 +51,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.16.20
-Release:  4%{?dist}
+Release:  5%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@@ -1062,6 +1062,7 @@ fi;
 %dir %{chroot_prefix}/%{_libdir}
 %dir %{chroot_prefix}/%{_libdir}/bind
 %dir %{chroot_prefix}/%{_datadir}/GeoIP
+%{chroot_prefix}/proc
 %defattr(0660,root,named,01770)
 %dir %{chroot_prefix}%{_localstatedir}/named
 %defattr(0660,named,named,0770)
@@ -1134,6 +1135,9 @@ fi;
 %endif
 
 %changelog
+* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-5
+- Propagate ephemeral port ranges to chroot (#2013595)
+
 * Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-4
 - Fixes listening on TCP in some race conditions (#1999691)
 

named-chroot.files

@@ -20,6 +20,7 @@
 /usr/lib/named
 /usr/share/GeoIP
 /run/named
+/proc/sys/net/ipv4/ip_local_port_range
 # Warning: the order is important
 # If a directory containing $ROOTDIR is listed here,
 # it MUST be listed last. (/var/named contains /var/named/chroot)