mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-07-30 11:15:42 +02:00
Update to 2021-12-01 19:13
This commit is contained in:
Daniel Berteaud
37
roles/openxpki/tasks/selinux.yml
Normal file
37
roles/openxpki/tasks/selinux.yml
Normal file
@@ -0,0 +1,37 @@
|
||||
---
|
||||
|
||||
- name: Set correct SELinux labels
|
||||
sefcontext:
|
||||
target: "{{ pki_root_dir }}/{{ item.path }}(/.*)?"
|
||||
setype: "{{ item.type }}"
|
||||
state: present
|
||||
loop:
|
||||
- path: run
|
||||
type: httpd_var_run_t
|
||||
- path: web/cgi-bin
|
||||
type: httpd_sys_script_exec_t
|
||||
- path: web/htdocs
|
||||
type: httpd_sys_content_t
|
||||
- path: data
|
||||
type: httpd_sys_content_t
|
||||
tags: pki
|
||||
|
||||
- name: Restore SElinux contexts
|
||||
command: restorecon -R {{ pki_root_dir }}
|
||||
changed_when: False
|
||||
tags: pki
|
||||
|
||||
- name: Copy SElinux policy file
|
||||
copy: src=openxpki.te dest=/etc/selinux/targeted/local/
|
||||
register: pki_selinux_policy
|
||||
tags: pki
|
||||
|
||||
- name: Add local policy
|
||||
shell: |
|
||||
cd /etc/selinux/targeted/local/
|
||||
checkmodule -M -m -o openxpki.mod openxpki.te
|
||||
semodule_package -o openxpki.pp -m openxpki.mod
|
||||
semodule -i /etc/selinux/targeted/local/openxpki.pp
|
||||
when: pki_selinux_policy.changed
|
||||
tags: pki
|
||||
|
||||
Reference in New Issue
Block a user