ansible-roles/roles/openxpki/tasks/selinux.yml

---

- name: Set correct SELinux labels
  sefcontext:
    target: "{{ pki_root_dir }}/{{ item.path }}(/.*)?"
    setype: "{{ item.type }}"
    state: present
  loop:
    - path: run
      type: httpd_var_run_t
    - path: web/cgi-bin
      type: httpd_sys_script_exec_t
    - path: web/htdocs
      type: httpd_sys_content_t
    - path: data
      type: httpd_sys_content_t
  tags: pki

- name: Restore SElinux contexts
  command: restorecon -R {{ pki_root_dir }}
  changed_when: False
  tags: pki

- name: Copy SElinux policy file
  copy: src=openxpki.te dest=/etc/selinux/targeted/local/
  register: pki_selinux_policy
  tags: pki

- name: Add local policy
  shell: |
    cd /etc/selinux/targeted/local/
    checkmodule -M -m -o openxpki.mod openxpki.te
    semodule_package -o openxpki.pp -m openxpki.mod
    semodule -i /etc/selinux/targeted/local/openxpki.pp
  when: pki_selinux_policy.changed
  tags: pki
Update to 2021-12-01 19:13 2021-12-01 19:13:34 +01:00			`---`

			`- name: Set correct SELinux labels`
			`sefcontext:`
			`target: "{{ pki_root_dir }}/{{ item.path }}(/.*)?"`
			`setype: "{{ item.type }}"`
			`state: present`
			`loop:`
			`- path: run`
			`type: httpd_var_run_t`
			`- path: web/cgi-bin`
			`type: httpd_sys_script_exec_t`
			`- path: web/htdocs`
			`type: httpd_sys_content_t`
			`- path: data`
			`type: httpd_sys_content_t`
			`tags: pki`

			`- name: Restore SElinux contexts`
			`command: restorecon -R {{ pki_root_dir }}`
			`changed_when: False`
			`tags: pki`

			`- name: Copy SElinux policy file`
			`copy: src=openxpki.te dest=/etc/selinux/targeted/local/`
			`register: pki_selinux_policy`
			`tags: pki`

			`- name: Add local policy`
			`shell: \|`
			`cd /etc/selinux/targeted/local/`
			`checkmodule -M -m -o openxpki.mod openxpki.te`
			`semodule_package -o openxpki.pp -m openxpki.mod`
			`semodule -i /etc/selinux/targeted/local/openxpki.pp`
			`when: pki_selinux_policy.changed`
			`tags: pki`