From 409b5b55f2cab2282ed48a1404829c3dbaeb5373 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Sun, 23 Feb 2025 15:00:09 +0100
Subject: [PATCH] Update to 2025-02-23 15:00
---
 roles/seadrive/files/seadrive.te | 6 +++---
 roles/seadrive/tasks/selinux.yml | 4 ++++
 roles/seadrive/templates/seadrive.service.j2 | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/roles/seadrive/files/seadrive.te b/roles/seadrive/files/seadrive.te
index c743b83..5900f2c 100644
--- a/roles/seadrive/files/seadrive.te
+++ b/roles/seadrive/files/seadrive.te
@@ -1,10 +1,10 @@
-module seadrive 1.1;
+module seadrive 1.2;
 require {
 type init_t;
 type fusermount_exec_t;
- class file { open read execute };
+ class file { open read execute execute_no_trans };
 }
 #============= init_t ==============
-allow init_t fusermount_exec_t:file { open read execute };
+allow init_t fusermount_exec_t:file { open read execute execute_no_trans };
diff --git a/roles/seadrive/tasks/selinux.yml b/roles/seadrive/tasks/selinux.yml
index 5d790bf..c54029b 100644
--- a/roles/seadrive/tasks/selinux.yml
+++ b/roles/seadrive/tasks/selinux.yml
@@ -17,3 +17,7 @@
 command: semodule -i /etc/selinux/targeted/local/seadrive.pp
 when: seadrive_selinux_policy.changed
 tags: seadrive
+
+- name: Set domain_can_mmap_files
+ seboolean: name=domain_can_mmap_files state=true persistent=true
+ tags: seadrive
diff --git a/roles/seadrive/templates/seadrive.service.j2 b/roles/seadrive/templates/seadrive.service.j2
index b32bf9e..e4b909f 100644
--- a/roles/seadrive/templates/seadrive.service.j2
+++ b/roles/seadrive/templates/seadrive.service.j2
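Review bot: In roles/seadrive/files/seadrive.te the added `execute_no_trans` on `allow init_t fusermount_exec_t:file` lets fusermount run inside the `init_t` domain with no domain transition, and nothing in the module records why that is needed. A comment above the rule would make it auditable, for example `# systemd (init_t) runs fusermount directly for ExecStopPost; no transition is defined, hence execute_no_trans`. That the denial comes from the `ExecStopPost` line in seadrive.service.j2 is an inference, since the AVC is not shown; if so, it is worth checking whether a transition to a confined domain is possible instead of widening `init_t`.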
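Review bot: In roles/seadrive/tasks/selinux.yml the new task turns on `domain_can_mmap_files`, which is a system-wide boolean: it relaxes the mmap check for every domain on the host, not only for the seadrive processes, so applying this role weakens the host policy as a side effect. A narrower fix would be to add the specific `map` permission from the logged denial to seadrive.te, next to the existing `allow` rule, and leave the boolean untouched. If the boolean has to stay, record the reason on the task, e.g. `# seadrive needs mmap on <type from the AVC>; no narrower rule available`, and consider making it opt-in through a role variable.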
@@ -4,7 +4,7 @@ Description=Seafile virtual drive
 [Service]
 Type=simple
 ExecStart=/usr/bin/seadrive -c /etc/seadrive/{{ item.id }}.conf -d {{ item.data_dir | default('/var/cache/seadrive/' + item.id) }} -o {{ item.fuse_opts | default(['allow_other']) | join(',') }} -f -l - {{ item.drive_dir }}
-ExecStopPost=!/bin/fusermount -uz {{ item.drive_dir }}
+ExecStopPost=-!/bin/fusermount -uz {{ item.drive_dir }}
 RestartSec=5
 User={{ item.user | default('root') }}
 MemoryLimit=1024M
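Review bot: On the new `ExecStopPost=-!/bin/fusermount -uz {{ item.drive_dir }}` line the mount path is still rendered unquoted, and the `!` prefix means this command is not run with the `User=` credentials, so a `drive_dir` containing whitespace would pass fusermount different arguments than intended. Quoting the argument avoids that: `ExecStopPost=-!/bin/fusermount -uz "{{ item.drive_dir }}"`; the `ExecStart` line above has the same pattern. The added `-` also hides every unmount failure, so a short comment line naming the failure that is expected, e.g. `# '-': the mount may already be gone when the service stops`, would help whoever debugs a stale mount later.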