-rw-r--r--inventory-example/group_vars/xmpp_servers.yml1
-rw-r--r--roles/prosody/tasks/main.yml7
-rw-r--r--roles/prosody/vars/main.yml10
3 files changed, 11 insertions, 7 deletions
diff --git a/inventory-example/group_vars/xmpp_servers.yml b/inventory-example/group_vars/xmpp_servers.yml
index dd6b7b4..03e110b 100644
--- a/inventory-example/group_vars/xmpp_servers.yml
+++ b/inventory-example/group_vars/xmpp_servers.yml
@@ -1 +1,2 @@
+apache_can_network_connect: yes
nagios_https_vhosts: ['{{ prosody_http_host | default(ansible_fqdn) }}']
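Review bot: `apache_can_network_connect: yes` is added with no comment, and nothing in the inventory says why an XMPP host needs it; if it drives the `httpd_can_network_connect` boolean that the seboolean task removed from roles/prosody/tasks/main.yml used to set (inferred, the role that reads this variable is not in the diff), it lets httpd initiate outbound TCP connections to any port, so the reason belongs next to it. Suggest a comment such as `# enables httpd_can_network_connect so the https vhost can reach the local prosody HTTP listener -- confirm this is the only reason`. Note also that dropping the task from the prosody role does not reset the boolean on hosts already provisioned, and hosts in this group that do not run the consuming role will silently stop getting it, so the example inventory should name which role consumes the variable.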
diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
index c29dd38..1b8bd3a 100644
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -51,13 +51,6 @@
- xmpp-server
tags: firewalld
-- name: enable httpd_can_network_connect SELinux boolean
- seboolean:
- name: httpd_can_network_connect
- state: yes
- persistent: yes
- tags: selinux
-
- name: create roster file with correct permissions
copy:
content: ''
diff --git a/roles/prosody/vars/main.yml b/roles/prosody/vars/main.yml
index d971fb7..438049e 100644
--- a/roles/prosody/vars/main.yml
+++ b/roles/prosody/vars/main.yml
@@ -25,8 +25,14 @@ prosody_selinux_policy_te: |
type gssproxy_t;
type gssproxy_var_lib_t;
type ldap_port_t;
+ type unconfined_service_t;
+ type unreserved_port_t;
+ type sysctl_net_t;
class dir search;
+ class key read;
+ class file { read open getattr};
class sock_file write;
+ class udp_socket name_bind;
class unix_stream_socket connectto;
class tcp_socket name_connect;
}
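Review bot: `class file { read open getattr};` on the new line omits the space before the closing brace that the matching allow rule in the next hunk (`{ read open getattr }`) and the rest of this require block use; the policy compiler does not care, but keep one form, `class file { read open getattr };`. The `prosody_selinux_policy_te` block scalar this hunk edits begins before the hunk.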
@@ -36,3 +42,7 @@ prosody_selinux_policy_te: |
allow prosody_t gssproxy_var_lib_t:sock_file write;
allow prosody_t gssproxy_t:unix_stream_socket connectto;
allow prosody_t ldap_port_t:tcp_socket name_connect;
+ allow prosody_t sysctl_net_t:dir search;
+ allow prosody_t sysctl_net_t:file { read open getattr };
+ allow prosody_t unconfined_service_t:key read;
+ allow prosody_t unreserved_port_t:udp_socket name_bind;
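Review bot: `allow prosody_t unreserved_port_t:udp_socket name_bind;` lets prosody bind UDP on every port labelled unreserved_port_t rather than on the one port the listener that triggered this needs, and `allow prosody_t unconfined_service_t:key read;` gives it read access to keys owned by unconfined_service_t processes; neither the commit nor the policy says which denials these resolve. If the UDP port is fixed, label it with a dedicated port type (or an existing one that fits) and allow name_bind on that type only, and annotate each new rule with the denial it addresses, e.g. `# name_bind: <module/listener> on UDP <port> -- from audit.log <date>` with the placeholders filled in. The sysctl_net_t dir search and file read rules look like /proc/sys/net lookups and are low risk, but should carry the same kind of comment. The `prosody_selinux_policy_te` block scalar these rules sit in begins before the hunk, so any comment must stay inside the YAML literal block (TE `#` comments are fine there).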