From 5c9da7c5f954b154f52c2d301f5817d9aef9d633 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 13 Oct 2021 11:21:00 +0200 Subject: [PATCH] Propagate system emphemeral ports to chroot BIND reads default system port ranges from /proc file. Propagate just that single file to bind chroot. Defaults should be therefore the same as on named.service. Resolves: rhbz#2013595 --- bind.spec | 8 ++++++-- named-chroot.files | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bind.spec b/bind.spec index 81b9a37..02eea08 100644 --- a/bind.spec +++ b/bind.spec @@ -30,7 +30,7 @@ %global chroot_prefix %{bind_dir}/chroot %global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\ %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\ - %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP + %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4 %global selinuxbooleans named_write_master_zones=1 ## The order of libs is important. See lib/Makefile.in for details @@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.16.20 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -1062,6 +1062,7 @@ fi; %dir %{chroot_prefix}/%{_libdir} %dir %{chroot_prefix}/%{_libdir}/bind %dir %{chroot_prefix}/%{_datadir}/GeoIP +%{chroot_prefix}/proc %defattr(0660,root,named,01770) %dir %{chroot_prefix}%{_localstatedir}/named %defattr(0660,named,named,0770) @@ -1134,6 +1135,9 @@ fi; %endif %changelog +* Wed Oct 13 2021 Petr Menšík - 32:9.16.20-5 +- Propagate ephemeral port ranges to chroot (#2013595) + * Tue Oct 12 2021 Petr Menšík - 32:9.16.20-4 - Fixes listening on TCP in some race conditions (#1999691) diff --git a/named-chroot.files b/named-chroot.files index 9a768e4..75e6aa1 100644 --- a/named-chroot.files +++ b/named-chroot.files 
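Review bot: The new `%{chroot_prefix}/proc` entry in `%files` (third hunk) carries no `%dir` and no `%attr`, so it packages the whole `proc/sys/net/ipv4` tree with whatever `%defattr` is in force above the hunk, which is not visible here. These directories are the path components of a bind-mount target, presumably resolved by a setup script running as root. They should be root-owned and not writable by the `named` user or group, so a compromised daemon cannot replace a component before the next mount. Making that explicit, e.g. `%attr(0755,root,root) %{chroot_prefix}/proc`, would keep it from depending on the surrounding `%defattr` lines. The same tree is created by the `/proc/sys/net/ipv4` added to `chroot_create_directories` in the first hunk, so the mode used there should match.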
@@ -20,6 +20,7 @@
 /usr/lib/named
 /usr/share/GeoIP
 /run/named
+/proc/sys/net/ipv4/ip_local_port_range
 # Warning: the order is important
 # If a directory containing $ROOTDIR is listed here,
 # it MUST be listed last. (/var/named contains /var/named/chroot)
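Review bot: `/proc/sys/net/ipv4/ip_local_port_range` is the only entry in the visible part of this list that is a regular file rather than a directory, and the spec change creates only its parent directory inside the chroot. The script that consumes this list is not part of the patch, and the list itself begins above the hunk. It is worth confirming that the script creates an empty file as the mount point, bind-mounts it read-only, and unmounts it again when the service stops. A comment above the entry such as `# single file on purpose: expose only the port range, not the rest of /proc` would record why the exposure is kept this narrow and discourage widening it to a directory later.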