pagure: make use of the new selinux/module role to install/compile selinux policies
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
parent
f3a1c52522
commit
033c798d6e
1 changed files with 10 additions and 30 deletions
|
@ -48,37 +48,17 @@
|
||||||
- pagure
|
- pagure
|
||||||
- selinux
|
- selinux
|
||||||
|
|
||||||
- name: copy over our custom selinux module
|
- name: Install the pagure SELinux policy
|
||||||
copy: src=selinux/pagure.te dest=/usr/local/share/pagure.te
|
run_once: true
|
||||||
register: selinux_module
|
include_role:
|
||||||
|
name: selinux/module
|
||||||
|
vars:
|
||||||
|
policy_file: files/pagure.te
|
||||||
|
policy_name: pagure
|
||||||
tags:
|
tags:
|
||||||
- config
|
- selinux
|
||||||
- pagure
|
- config
|
||||||
- selinux
|
- pagure
|
||||||
|
|
||||||
- name: Build our custom selinux module
|
|
||||||
command: checkmodule -M -m -o /usr/local/share/pagure.mod /usr/local/share/pagure.te
|
|
||||||
when: selinux_module is changed
|
|
||||||
tags:
|
|
||||||
- config
|
|
||||||
- pagure
|
|
||||||
- selinux
|
|
||||||
|
|
||||||
- name: Compile our custom selinux module
|
|
||||||
command: semodule_package -o /usr/local/share/pagure.pp -m /usr/local/share/pagure.mod
|
|
||||||
when: selinux_module is changed
|
|
||||||
tags:
|
|
||||||
- config
|
|
||||||
- pagure
|
|
||||||
- selinux
|
|
||||||
|
|
||||||
- name: install our custom selinux module
|
|
||||||
command: semodule -i /usr/local/share/pagure.pp
|
|
||||||
when: selinux_module is changed
|
|
||||||
tags:
|
|
||||||
- config
|
|
||||||
- pagure
|
|
||||||
- selinux
|
|
||||||
|
|
||||||
- name: set sebooleans so pagure can talk to the network (db + redis)
|
- name: set sebooleans so pagure can talk to the network (db + redis)
|
||||||
seboolean: name=httpd_can_network_connect
|
seboolean: name=httpd_can_network_connect
|
||||||
|
|
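Review bot: In the new "Install the pagure SELinux policy" task, `policy_file: files/pagure.te` drops the `selinux/` subdirectory that the removed copy task read from (`src=selinux/pagure.te`), and the diffstat shows a single changed file, so the policy source was not moved by this commit. How the selinux/module role resolves `policy_file` is not visible here; if it is relative to the calling role, the value probably needs to be `policy_file: files/selinux/pagure.te`, otherwise the module is never built and httpd runs without the pagure rules. The same task appears to carry `run_once: true` (the page has lost its +/- markers, so this is read from the cell position): SELinux modules are loaded per host, so unless the play only ever targets one host I would drop that line so every pagure host gets the module. The task list starts and ends outside the hunk.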