A custom selinux module for fedmsg.
parent
e05439c3c6
commit
091a117c4f
4 changed files with 23 additions and 0 deletions
BIN
roles/fedmsg_base/files/selinux/fedmsg.mod
Normal file
BIN
roles/fedmsg_base/files/selinux/fedmsg.mod
Normal file
Binary file not shown.
BIN
roles/fedmsg_base/files/selinux/fedmsg.pp
Normal file
BIN
roles/fedmsg_base/files/selinux/fedmsg.pp
Normal file
Binary file not shown.
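--- a/roles/fedmsg_base/files/selinux/fedmsg.te
+++ b/roles/fedmsg_base/files/selinux/fedmsg.te
@@ -0,0 +1,11 @@
+
+module fedmsg 1.0;
+
+require {
+type anon_inodefs_t;
+type httpd_t;
+class file write;
+}
+
+#============= httpd_t ==============
+allow httpd_t anon_inodefs_t:file write;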
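Review bot: The rule `allow httpd_t anon_inodefs_t:file write;` has no comment recording which AVC denial it answers or which fedmsg code path running under httpd needs it, so a later reviewer cannot tell whether the grant is still required. The grant covers every process in the httpd_t domain on a host where the module is loaded, not only the application that publishes to fedmsg, and that scope is worth stating in the file. I would add a header comment along the lines of `# httpd_t needs write on anon_inodefs_t for fedmsg publishing; AVC: <paste denial here>`. The layout looks like tool-generated output (inferred from the `#=============` banner), and the committed fedmsg.mod and fedmsg.pp are binaries that cannot be reviewed here, so the comment should also say they must be rebuilt from this .te whenever it changes.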
|
@ -70,3 +70,15 @@
|
|||
when: fedmsg_certs != []
|
||||
tags:
|
||||
- config
|
||||
|
||||
# Three tasks for handling our custom selinux module
|
||||
- name: ensure a directory exists for our custom selinux module
|
||||
file: dest=/usr/local/share/fedmsg state=directory
|
||||
|
||||
- name: copy over our custom selinux module
|
||||
copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
|
||||
register: selinux_module
|
||||
|
||||
- name: install our custom selinux module
|
||||
command: semanage -i /usr/local/share/fedmsg/fedmsg.pp
|
||||
when: selinux_module|changed
|
||||
|
|
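Review bot: The install task runs `command: semanage -i /usr/local/share/fedmsg/fedmsg.pp`, but `semanage -i` takes a file of semanage commands rather than a compiled policy package, so the module copied by the previous task is very likely never loaded. Policy packages are installed with `semodule -i /usr/local/share/fedmsg/fedmsg.pp`. Because the task is gated on `when: selinux_module|changed`, a run where the install fails is not retried once the copy reports unchanged; gating on the output of `semodule -l` instead would let it converge. The `file` and `copy` tasks set no owner or mode, so I would pin `owner=root group=root mode=0644` on the package that root later loads. The task list begins outside this hunk, so earlier tasks may already cover some of this.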