> corenet_udp_bind_generic_port()

For the record, the reason the randomization is a weakness in DNS protocol:

http://linuxsysadminblog.com/2008/12/how-to-check-if-your-dns-server-implements-source-port-randomization/

or

https://www.dns-oarc.net/oarc/services/porttest

In the core policy, I see djbdns having the very same macro. Surprisingly, bind does not have it (or I missed it).

--
Later,
 Lukas #lzap Zapletal
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux