From 1060be51ac2adbb1a6425e7a5052e0dbcc0cf1e3 Mon Sep 17 00:00:00 2001
From: Carl George
Date: Oct 19 2018 18:26:37 +0000
Subject: Define UDP 80/443 as selinux http_port_t for QUIC rhbz#1608548
---
diff --git a/caddy.spec b/caddy.spec
index 39d217a..2839532 100644
--- a/caddy.spec
+++ b/caddy.spec
@@ -347,6 +347,11 @@ if [ -x /usr/sbin/semanage -a -x /usr/sbin/restorecon ]; then
 semanage fcontext --add --type httpd_var_lib_t '%{_sharedstatedir}/caddy(/.*)?' 2> /dev/null || :
 restorecon -r %{_bindir}/caddy %{_datadir}/caddy %{_sysconfdir}/caddy %{_sharedstatedir}/caddy || :
 fi
+if [ -x /usr/sbin/semanage ]; then
+ # QUIC
+ semanage port --add --type http_port_t --proto udp 80 2> /dev/null || :
+ semanage port --add --type http_port_t --proto udp 443 2> /dev/null || :
+fi
 %preun
@@ -367,6 +372,9 @@ if [ $1 -eq 0 ]; then
 semanage fcontext --delete --type httpd_sys_content_t '%{_datadir}/caddy(/.*)?' 2> /dev/null || :
 semanage fcontext --delete --type httpd_config_t '%{_sysconfdir}/caddy(/.*)?' 2> /dev/null || :
 semanage fcontext --delete --type httpd_var_lib_t '%{_sharedstatedir}/caddy(/.*)?' 2> /dev/null || :
+ # QUIC
+ semanage port --delete --type http_port_t --proto udp 80 2> /dev/null || :
+ semanage port --delete --type http_port_t --proto udp 443 2> /dev/null || :
 fi
 fi
@@ -391,6 +399,7 @@ fi
 %changelog
 * Fri Oct 19 2018 Carl George - 0.11.0-3
 - Enable httpd_can_network_connect selinux boolean to connect to ACME endpoint rhbz#1641158
+- Define UDP 80/443 as selinux http_port_t for QUIC rhbz#1608548
 * Thu Jul 12 2018 Fedora Release Engineering - 0.11.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
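Review bot: The two `semanage port --add` calls in the new `if [ -x /usr/sbin/semanage ]` block discard both stderr and the exit status, so a failed add leaves UDP 80/443 unlabeled with nothing in the transaction output to show it. `semanage port --add` fails when the port is already defined, and as far as the hunk shows the block is not limited to first install, so that is presumably what happens on every upgrade. The `http_port_t` label is also system-wide: it applies to every domain the policy allows to use that type, not only caddy. The existing `# QUIC` comment should say this, e.g. `# QUIC: labels UDP 80/443 as http_port_t system-wide; --add fails if the port is already defined`. The scriptlet starts above the hunk.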
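Review bot: The `semanage port --delete` lines added to %preun remove the UDP 80/443 `http_port_t` definitions unconditionally, although the matching `--add` in %post ignores its own failure, so the package cannot tell whether it created them. If an administrator or another package had already defined those ports locally, erasing caddy would strip the label from under a service that still relies on it. Consider having %post record whether its add succeeded and deleting only in that case, or at least document the behaviour: `# removes the udp 80/443 http_port_t label even if it was defined before caddy was installed`. The enclosing `if [ $1 -eq 0 ]` block starts above the hunk.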