Ruby random UDP port bind in DNS resolver

Hello,

in our software (Foreman) we use the DNS resolver provided by the Ruby
runtime. This is some kind of optimized thread-safe resolver which ships
with the Ruby platform.

The problem I am facing is that this implementation randomly binds a UDP
port when a DNS request is sent. Here is the code bit:

https://github.com/ruby/ruby/blob/trunk/lib/resolv.rb#L651-L660

This has been there from Ruby 1.8.7 until now (trunk) as far as I can tell.

Since any Ruby application can leverage this API and expect the same
behavior, I'd like to ask if you encounter such an error in Fedora and
how you recommend solving this.

Have you experienced this kind of behavior with non-Ruby DNS clients?

Is it safe to allow UDP binds for all unprivileged ports?

How to do this technically in my policy?

Thanks.

-- 
Later,
 Lukas #lzap Zapletal
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
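
The behaviour described in the post, as an added Ruby example that is not from the post or from resolv.rb: each request socket is explicitly bound to a random port in 1024..65535, and a loopback listener records the source ports it sees. The helper names, the loopback setup and the default 32768-60999 local port range are assumptions, as is the reading that explicit binds outside that range are the ones SELinux checks for name_bind.

```ruby
require 'socket'
require 'securerandom'

# Added illustration of the pattern the post describes (not a copy of resolv.rb):
# pick a random unprivileged port and bind() to it explicitly, retrying on collision.
# A denied bind (Errno::EACCES) is deliberately not rescued, so it stays visible.
def bind_random_port(sock, host = '127.0.0.1')
  port = 1024 + SecureRandom.random_number(65_536 - 1024) # 1024..65535
  sock.bind(host, port)
  port
rescue Errno::EADDRINUSE
  retry # re-runs the method body, so a new port is drawn
end

# Send `count` datagrams to a loopback listener, each from a fresh socket bound
# as above, and return the source ports the listener observed.
def observe_source_ports(count)
  listener = UDPSocket.new
  listener.bind('127.0.0.1', 0) # port 0: the kernel picks, no port is named
  dest = listener.addr[1]
  Array.new(count) do
    client = UDPSocket.new
    bound = bind_random_port(client)
    client.send('constructed-query', 0, '127.0.0.1', dest) # constructed payload
    _data, sender = listener.recvfrom(64)
    client.close
    raise 'source port mismatch' unless sender[1] == bound
    bound
  end
ensure
  listener&.close
end

# Ports outside the kernel's local (ephemeral) range. Assumption: these are the
# explicit binds that need a name_bind allow rule; the default range is the
# usual Linux value, check /proc/sys/net/ipv4/ip_local_port_range on the host.
def outside_local_range(ports, low = 32_768, high = 60_999)
  ports.reject { |p| p.between?(low, high) }
end

if $PROGRAM_NAME == __FILE__
  ports = observe_source_ports(20)
  puts "source ports: #{ports.inspect}"
  puts "outside local range: #{outside_local_range(ports).size} of #{ports.size}"
end
```
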




