Description of problem: From Katello we want to install a custom broker.xml to expose a STOMP listener at port 61613. This results in SELinux denials: type=AVC msg=audit(1583850201.051:96): avc: denied { name_bind } for pid=3668 comm=5468726561642D3020286163746976 src=61613 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0 Discussed with Kevin and Barnaby a solution to add a SELinux boolean that Katello can toggle to 'true' from the installer to allow this port binding. Otherwise it will be disabled by default for non-Katello installations. Related reading for selinux booleans: https://github.com/SELinuxProject/refpolicy/blob/3039bde79c55dff7801a1b83e96df62b2c3e0b39/policy/modules/services/apache.te https://github.com/SELinuxProject/refpolicy/blob/a6576234c87e56f10116fc8595d0832bad87c1a2/policy/modules/services/apache.if