From ed8559effab9935a869315f7fb43fdad527c33e9 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 29 Apr 2020 17:29:43 -0400 Subject: [PATCH] - Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000. --- unbound.conf | 1 + unbound.spec | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/unbound.conf b/unbound.conf index 6fa1c45..8f7d9f6 100644 --- a/unbound.conf +++ b/unbound.conf @@ -105,6 +105,7 @@ server: # are present, they are processed in order. # Our SElinux policy does not allow non-ephemeral ports to be used outgoing-port-avoid: 0-32767 + outgoing-port-avoid: 61000-65535 # number of outgoing simultaneous tcp buffers to hold per thread. # outgoing-num-tcp: 10 diff --git a/unbound.spec b/unbound.spec index efc22a5..e65ce30 100644 --- a/unbound.spec +++ b/unbound.spec @@ -36,7 +36,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.10.0 -Release: 2%{?extra_version:.%{extra_version}}%{?dist} +Release: 3%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: https://nlnetlabs.nl/projects/unbound/ Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz @@ -448,6 +448,9 @@ popd %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %changelog +* Wed Apr 29 2020 Paul Wouters - 1.10.0-3 +- Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000. + * Thu Apr 16 2020 Artem Egorenkov - 1.10.0-2 - Resolves: rhbz#1824536 unbound crash