aboutsummaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorStonewall Jackson <stonewall@sacredheartsc.com>2023-03-03 17:31:48 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-03-03 17:31:48 -0500
commit594ff9610ead86050d7e2e7e21a0eb2e160ae644 (patch)
treeca6eb04dcb7f701abc1e382cd1d4c184db08dc5b /roles
parent6837b64cced5b771c4764602d0dbb2817bf2c0a8 (diff)
downloadselfhosted-594ff9610ead86050d7e2e7e21a0eb2e160ae644.tar.gz
selfhosted-594ff9610ead86050d7e2e7e21a0eb2e160ae644.zip
prosody: updates for 0.12
Diffstat (limited to 'roles')
-rw-r--r--roles/prosody/tasks/main.yml7
-rw-r--r--roles/prosody/vars/main.yml10
2 files changed, 10 insertions, 7 deletions
diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
index c29dd38..1b8bd3a 100644
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -51,13 +51,6 @@
- xmpp-server
tags: firewalld
-- name: enable httpd_can_network_connect SELinux boolean
- seboolean:
- name: httpd_can_network_connect
- state: yes
- persistent: yes
- tags: selinux
-
- name: create roster file with correct permissions
copy:
content: ''
diff --git a/roles/prosody/vars/main.yml b/roles/prosody/vars/main.yml
index d971fb7..438049e 100644
--- a/roles/prosody/vars/main.yml
+++ b/roles/prosody/vars/main.yml
@@ -25,8 +25,14 @@ prosody_selinux_policy_te: |
type gssproxy_t;
type gssproxy_var_lib_t;
type ldap_port_t;
+ type unconfined_service_t;
+ type unreserved_port_t;
+ type sysctl_net_t;
class dir search;
+ class key read;
+ class file { read open getattr};
class sock_file write;
+ class udp_socket name_bind;
class unix_stream_socket connectto;
class tcp_socket name_connect;
}
@@ -36,3 +42,7 @@ prosody_selinux_policy_te: |
allow prosody_t gssproxy_var_lib_t:sock_file write;
allow prosody_t gssproxy_t:unix_stream_socket connectto;
allow prosody_t ldap_port_t:tcp_socket name_connect;
+ allow prosody_t sysctl_net_t:dir search;
+ allow prosody_t sysctl_net_t:file { read open getattr };
+ allow prosody_t unconfined_service_t:key read;
+ allow prosody_t unreserved_port_t:udp_socket name_bind;