From d83bf98182cfe4a91836472f52038dbc5723ae71 Mon Sep 17 00:00:00 2001
From: Michal Schorm <mschorm@redhat.com>
Date: Sat, 7 Dec 2019 03:49:46 +0100
Subject: [PATCH] Allow port 4444 in SELinux for Galera SST replication

---
 mariadb.spec | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/mariadb.spec b/mariadb.spec
index 17e5a95..e66f410 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -1232,11 +1232,16 @@ export MTR_BUILD_THREAD=%{__isa_bits}
 
 %if %{with galera}
 %post server-galera
-# Do what README at support-files/policy/selinux/README and upstream page
-# http://galeracluster.com/documentation-webpages/firewallsettings.html recommend:
-semanage port -a -t mysqld_port_t -p tcp 4568 >/dev/null 2>&1 || :
+# Allow ports needed for the replication:
+# https://mariadb.com/kb/en/library/configuring-mariadb-galera-cluster/#network-ports
+#   Galera Replication Port
 semanage port -a -t mysqld_port_t -p tcp 4567 >/dev/null 2>&1 || :
 semanage port -a -t mysqld_port_t -p udp 4567 >/dev/null 2>&1 || :
+#   IST Port
+semanage port -a -t mysqld_port_t -p tcp 4568 >/dev/null 2>&1 || :
+#   SST Port
+semanage port -a -t mysqld_port_t -p tcp 4444 >/dev/null 2>&1 || :
+
 semodule -i %{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp >/dev/null 2>&1 || :
 %endif