aboutsummaryrefslogtreecommitdiffstats
path: root/roles/prosody
diff options
context:
space:
mode:
Diffstat (limited to 'roles/prosody')
-rw-r--r--roles/prosody/tasks/main.yml7
-rw-r--r--roles/prosody/vars/main.yml10
2 files changed, 10 insertions, 7 deletions
diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
index c29dd38..1b8bd3a 100644
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -51,13 +51,6 @@
- xmpp-server
tags: firewalld
-- name: enable httpd_can_network_connect SELinux boolean
- seboolean:
- name: httpd_can_network_connect
- state: yes
- persistent: yes
- tags: selinux
-
- name: create roster file with correct permissions
copy:
content: ''
diff --git a/roles/prosody/vars/main.yml b/roles/prosody/vars/main.yml
index d971fb7..438049e 100644
--- a/roles/prosody/vars/main.yml
+++ b/roles/prosody/vars/main.yml
@@ -25,8 +25,14 @@ prosody_selinux_policy_te: |
type gssproxy_t;
type gssproxy_var_lib_t;
type ldap_port_t;
+ type unconfined_service_t;
+ type unreserved_port_t;
+ type sysctl_net_t;
class dir search;
+ class key read;
+ class file { read open getattr};
class sock_file write;
+ class udp_socket name_bind;
class unix_stream_socket connectto;
class tcp_socket name_connect;
}
@@ -36,3 +42,7 @@ prosody_selinux_policy_te: |
allow prosody_t gssproxy_var_lib_t:sock_file write;
allow prosody_t gssproxy_t:unix_stream_socket connectto;
allow prosody_t ldap_port_t:tcp_socket name_connect;
+ allow prosody_t sysctl_net_t:dir search;
+ allow prosody_t sysctl_net_t:file { read open getattr };
+ allow prosody_t unconfined_service_t:key read;
+ allow prosody_t unreserved_port_t:udp_socket name_bind;
generated by cgit (git 2.34.1) at 2024-09-19 13:05:58 -0400