https://bugzilla.redhat.com/show_bug.cgi?id=1424823



--- Comment #3 from Randy Barlow <ra...@electronsweatshop.com> ---
As noted in https://bugzilla.redhat.com/show_bug.cgi?id=1429126, I have written
a new SELinux policy and submitted it to the fedora selinux-policy-contrib
module:

https://github.com/fedora-selinux/selinux-policy-contrib/pull/8
https://github.com/fedora-selinux/selinux-policy-contrib/pull/7

Once that is accepted, merged, and released into Fedora 26+, we will also need
to adjust a few things on the ejabberd side to be compliant.

For one, I wasn't able to get ejabberd working with policykit and SELinux
enforcing, so I may drop the policykit patch. It would fail with this error
message:

ejabberdctl[22397]: Refusing to render service to dead parents.

Secondly, we no longer need to use /bin/bash to launch ejabberdctl in the unit
file, and we also cannot use PrivateDevices=true because that will prevent the
domain transition from being allowed.

Because we have to wait on the pull requests, I'm going to attach a git diff of
what I have in my checkout right now here. This git diff isn't quite what we'll
want, because it makes an ejabberd-selinux subpackage (which I used for testing
purposes while developing the policy), but it has some of the changes we'll
need.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
erlang mailing list -- erlang@lists.fedoraproject.org
To unsubscribe send an email to erlang-le...@lists.fedoraproject.org
