Allow STUN/TURN in SELinux policy (#1901466)

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>

2 files changed, 5 insertions, 2 deletions

diff --git a/ejabberd.spec b/ejabberd.spec
index 0f58db2..09377bd 100644
--- a/ejabberd.spec
+++ b/ejabberd.spec
@@ -37,7 +37,7 @@
 
 Name:           ejabberd
 Version:        20.07
-Release:        4%{?dist}
+Release:        5%{?dist}
 BuildArch:      noarch
 
 License:        GPLv2+
@@ -419,6 +419,9 @@ fi
 
 
 %changelog
+* Sat Aug 07 2021 Randy Barlow <bowlofeggs@fedoraproject.org> - 20.07-5
+- Allow to bind to name_bind on udp (#1901466).
+
 * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20.07-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 
diff --git a/ejabberd.te b/ejabberd.te
index 2d2a157..187bcf0 100644
--- a/ejabberd.te
+++ b/ejabberd.te
@@ -1,6 +1,5 @@
 policy_module(ejabberd,0.0)
 
-
 ########################################
 #
 # Declarations
@@ -25,6 +24,7 @@ logging_log_file(ejabberd_var_log_t)
 allow ejabberd_t self:tcp_socket { accept bind connect create getattr getopt listen name_bind read setopt write };
 allow ejabberd_t self:udp_socket { bind connect create getattr getopt read setopt write };
 allow ejabberd_t self:unix_dgram_socket { connect create getopt setopt write };
+allow ejabberd_t unreserved_port_t:udp_socket name_bind;
 
 auth_use_nsswitch(ejabberd_t)