diff options
-rw-r--r-- | policy/modules/services/matrixd.te | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/policy/modules/services/matrixd.te b/policy/modules/services/matrixd.te index c396a3d7c..5f092f31c 100644 --- a/policy/modules/services/matrixd.te +++ b/policy/modules/services/matrixd.te @@ -20,6 +20,16 @@ gen_tunable(matrix_allow_federation, true) ## </desc> gen_tunable(matrix_postgresql_connect, false) +## <desc> +## <p> +## Determine whether Matrixd is allowed to bind all +## TCP ports. This is intended for more complex Matrix +## server configurations (e.g. Synapse workers) and may +## be used in lieu of manually labeling each port. +## </p> +## </desc> +gen_tunable(matrix_bind_all_unreserved_tcp_ports, false) + type matrixd_t; type matrixd_exec_t; init_daemon_domain(matrixd_t, matrixd_exec_t) @@ -117,7 +127,11 @@ tunable_policy(`matrix_postgresql_connect',` postgresql_tcp_connect(matrixd_t) ') +tunable_policy(`matrix_bind_all_unreserved_tcp_ports',` + corenet_tcp_bind_all_unreserved_ports(matrixd_t) +') + optional_policy(` apache_search_config(matrixd_t) ') - + |