Tor patch from Dan Walsh.

policy/modules/services/tor.fc

@@ -5,5 +5,8 @@
 /usr/sbin/tor		--	gen_context(system_u:object_r:tor_exec_t,s0)
 
 /var/lib/tor(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
+/var/lib/tor-data(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
+
 /var/log/tor(/.*)?		gen_context(system_u:object_r:tor_var_log_t,s0)
+
 /var/run/tor(/.*)?		gen_context(system_u:object_r:tor_var_run_t,s0)

policy/modules/services/tor.te

@@ -1,11 +1,19 @@
 
-policy_module(tor, 1.6.0)
+policy_module(tor, 1.6.1)
 
 ########################################
 #
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow tor daemon to bind
+## tcp sockets to all unreserved ports.
+## </p>
+## </desc>
+gen_tunable(tor_bind_all_unreserved_ports, false)
+
 type tor_t;
 type tor_exec_t;
 init_daemon_domain(tor_t, tor_exec_t)
@@ -89,11 +97,16 @@ domain_use_interactive_fds(tor_t)
 
 files_read_etc_files(tor_t)
 files_read_etc_runtime_files(tor_t)
+files_read_usr_files(tor_t)
 
 auth_use_nsswitch(tor_t)
 
 miscfiles_read_localization(tor_t)
 
+tunable_policy(`tor_bind_all_unreserved_ports', `
+	corenet_tcp_bind_all_unreserved_ports(tor_t)
+')
+
 optional_policy(`
 	seutil_sigchld_newrole(tor_t)
 ')