diff --git a/add-allow-httpd_t-ricci-and-unreserved-port.patch b/add-allow-httpd_t-ricci-and-unreserved-port.patch
new file mode 100644
index 0000000000000000000000000000000000000000..20977f70d9275c27051ab11620306ec356a0f61a
--- /dev/null
+++ b/add-allow-httpd_t-ricci-and-unreserved-port.patch
@@ -0,0 +1,26 @@
+From 506238db3ce697e33fd55e0cf2c723675540d334 Mon Sep 17 00:00:00 2001
+From: lujie42 <572084868@qq.com>
+Date: Thu, 9 Sep 2021 17:02:15 +0800
+Subject: [PATCH] add allow httpd_t ricci and unreserved port
+
+Signed-off-by: lujie42 <572084868@qq.com>
+---
+ policy/modules/contrib/apache.te | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
+index 390065c..f15bc7b 100644
+--- a/policy/modules/contrib/apache.te
++++ b/policy/modules/contrib/apache.te
+@@ -1842,3 +1842,8 @@ optional_policy(`
+ keystone_read_log(httpd_t)
+ ')
+ ')
++
++optional_policy(`
++ corenet_tcp_connect_ricci_port(httpd_t)
++ corenet_tcp_connect_unreserved_ports(httpd_t)
++')
+--
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 89584a2d9b4548dfdf021f3c2e147fcbf8d8a1df..ab8d7ef522bba5a5904259b1fc30be9046cb14f0 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 75
+Release: 76
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
 
@@ -117,6 +117,7 @@ Patch6039: backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch
 Patch9000: add-qemu_exec_t-for-stratovirt.patch
 Patch9001: add-avc-for-systemd-selinux-page.patch
 Patch9002: add-allow-rasdaemon-cap_sys_admin.patch
+Patch9003: add-allow-httpd_t-ricci-and-unreserved-port.patch
 
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
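Review bot: In the apache.te hunk carried by the new patch file, `corenet_tcp_connect_unreserved_ports(httpd_t)` is granted unconditionally, so every confined httpd process may open outbound TCP connections to any port in the unreserved class whether or not the site needs it. That removes much of the containment SELinux gives against a compromised web application or a server-side request forgery reaching local back-end services. The patch subject gives no reason for the broad grant. If the ricci connection is the actual requirement, keep only `corenet_tcp_connect_ricci_port(httpd_t)` and leave wider outbound access to the existing `httpd_can_network_connect` boolean, which an administrator has to turn on deliberately. The `optional_policy` wrapper also looks unnecessary, since the corenet interfaces presumably come from the base corenetwork module, not an optional one.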
@@ -783,6 +784,9 @@ exit 0 %endif %changelog +* Sat Sep 11 2021 lujie42 <572084868@qq.com> - 3.14.2-76 +- Add allow httpd_t ricci and unreserved port + * Tue Sep 7 2021 lujie42 <572084868@qq.com> - 3.14.2-75 - Add allow rasdaemon cap_sys_admin