From 594ff9610ead86050d7e2e7e21a0eb2e160ae644 Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Fri, 3 Mar 2023 17:31:48 -0500
Subject: prosody: updates for 0.12

---
 roles/prosody/tasks/main.yml |  7 -------
 roles/prosody/vars/main.yml  | 10 ++++++++++
 2 files changed, 10 insertions(+), 7 deletions(-)
(limited to 'roles/prosody')

diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
index c29dd38..1b8bd3a 100644
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -51,13 +51,6 @@
     - xmpp-server
   tags: firewalld
 
-- name: enable httpd_can_network_connect SELinux boolean
-  seboolean:
-    name: httpd_can_network_connect
-    state: yes
-    persistent: yes
-  tags: selinux
-
 - name: create roster file with correct permissions
   copy:
     content: ''
diff --git a/roles/prosody/vars/main.yml b/roles/prosody/vars/main.yml
index d971fb7..438049e 100644
--- a/roles/prosody/vars/main.yml
+++ b/roles/prosody/vars/main.yml
@@ -25,8 +25,14 @@ prosody_selinux_policy_te: |
     type gssproxy_t;
     type gssproxy_var_lib_t;
     type ldap_port_t;
+    type unconfined_service_t;
+    type unreserved_port_t;
+    type sysctl_net_t;
     class dir search;
+    class key read;
+    class file { read open getattr};
     class sock_file write;
+    class udp_socket name_bind;
     class unix_stream_socket connectto;
     class tcp_socket name_connect;
   }
@@ -36,3 +42,7 @@ prosody_selinux_policy_te: |
   allow prosody_t gssproxy_var_lib_t:sock_file write;
   allow prosody_t gssproxy_t:unix_stream_socket connectto;
   allow prosody_t ldap_port_t:tcp_socket name_connect;
+  allow prosody_t sysctl_net_t:dir search;
+  allow prosody_t sysctl_net_t:file { read open getattr };
+  allow prosody_t unconfined_service_t:key read;
+  allow prosody_t unreserved_port_t:udp_socket name_bind;
-- 
cgit
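Review bot: `allow prosody_t unreserved_port_t:udp_socket name_bind;` in the second vars/main.yml hunk lets prosody_t bind any UDP port carrying the generic unreserved_port_t label rather than the one port the 0.12 listener presumably needs, and `allow prosody_t unconfined_service_t:key read;` covers every kernel key created by any unconfined service; both are noticeably wider than the existing allows in this block, which each name a specific type (gssproxy_t, gssproxy_var_lib_t, ldap_port_t). If the UDP port is fixed, giving it a dedicated port type with `semanage port` and binding to that type instead keeps the grant minimal, and the key read is easier to justify if the rule says whose keyring it is for. At minimum the TE text should record the reason, e.g. a comment line in the literal block such as `# 0.12: <listener> binds UDP <port>; <service> keyring needed for <purpose>` (placeholders to be filled from the actual audit denial), since the commit message only says "updates for 0.12". Unrelated nit: the new `class file { read open getattr};` in the require block lacks the space before `}` that the matching allow line has. The `prosody_selinux_policy_te` literal block and its require section begin before this hunk.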