Greetings!

The ejabberd Fedora package has its own SELinux policy module that it ships[0]. A user has reported an issue with an SELinux denial with the default ejabberd config[1].

I spent some time trying to modify the policy to allow the name_bind on the port, but it seems that my attempts result in it still being denied:

    allow ejabberd_t unreserved_port_t:udp_socket name_bind;

As I commented on the ticket, I also found that setting the nis_enabled bool on my system to true would solve the problem. However, I think it would be ideal if I could adjust the ejabberd module to do this on the users' behalf, as it is not obvious to the average user (or even to me) that this boolean could be the solution to the problem.

Is there something I could adjust in the ejabberd policy that would resolve this issue?

Thanks.

[0] https://src.fedoraproject.org/rpms/ejabberd/blob/rawhide/f/ejabberd.te
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1901466