From 6f7d03bd3480fcf1210793b8b82460807eee4476 Mon Sep 17 00:00:00 2001
From: Russell Coker <russell@coker.com.au>
Date: Sun, 31 Jul 2016 19:16:36 +1000
Subject: [PATCH] user_udp_server tunable

The following patch adds a tunable user_udp_server for the user domains to
run UDP services.
---
 policy/global_tunables              | 8 ++++++++
 policy/modules/system/userdomain.if | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/policy/global_tunables b/policy/global_tunables
index 4705ab618..affc020f1 100644
--- a/policy/global_tunables
+++ b/policy/global_tunables
@@ -111,3 +111,11 @@ gen_tunable(use_samba_home_dirs,false)
 ## </p>
 ## </desc>
 gen_tunable(user_tcp_server,false)
+
+## <desc>
+## <p>
+## Allow users to run UDP servers (bind to ports and accept connection from
+## the same domain and outside users)
+## </p>
+## </desc>
+gen_tunable(user_udp_server,false)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 4fde5d88d..6cb93b55c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1041,6 +1041,13 @@ template(`userdom_unpriv_user_template', `
 		corenet_tcp_bind_generic_port($1_t)
 	')
 
+	# Allow users to run UDP servers (bind to ports and accept connection from
+	# the same domain and outside users)
+	tunable_policy(`user_udp_server',`
+		corenet_udp_bind_generic_node($1_t)
+		corenet_udp_bind_generic_port($1_t)
+	')
+
 	optional_policy(`
 		netutils_run_ping_cond($1_t, $1_r)
 		netutils_run_traceroute_cond($1_t, $1_r)