Greetings!
The ejabberd Fedora package has its own SELinux policy module that it ships[0]. A user has reported an issue with an SELinux denial with the default ejabberd config[1].
I spent some time trying to modify the policy to allow the name_bind on the port, but it seems that my attempts result in it still being denied:
allow ejabberd_t unreserved_port_t:udp_socket name_bind;
As I commented on the ticket, I also found that setting the nis_enabled bool on my system to true would solve the problem.
However, I think it would be ideal if I could adjust the ejabberd module to do this on the users' behalf, as it is not obvious to the average user (or even to me) that this boolean could be the solution to the problem.
Is there something I could adjust in the ejabberd policy that would resolve this issue? Thanks.
[0] https://src.fedoraproject.org/rpms/ejabberd/blob/rawhide/f/ejabberd.te [1] https://bugzilla.redhat.com/show_bug.cgi?id=1901466