A custom selinux module for fedmsg.
parent
e05439c3c6
commit
091a117c4f
4 changed files with 23 additions and 0 deletions
BIN
roles/fedmsg_base/files/selinux/fedmsg.mod
Normal file
BIN
roles/fedmsg_base/files/selinux/fedmsg.mod
Normal file
Binary file not shown.
BIN
roles/fedmsg_base/files/selinux/fedmsg.pp
Normal file
BIN
roles/fedmsg_base/files/selinux/fedmsg.pp
Normal file
Binary file not shown.
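--- a/roles/fedmsg_base/files/selinux/fedmsg.te
+++ b/roles/fedmsg_base/files/selinux/fedmsg.te
@@ -0,0 +1,11 @@
+
+module fedmsg 1.0;
+
+require {
+type anon_inodefs_t;
+type httpd_t;
+class file write;
+}
+
+#============= httpd_t ==============
+allow httpd_t anon_inodefs_t:file write;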
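Review bot: The rule `allow httpd_t anon_inodefs_t:file write;` has no comment saying which denial it answers, and it applies to every process running in the httpd_t domain on the host, not only to whatever publishes fedmsg messages there. A header comment along the lines of `# httpd_t needs write on anon_inodefs_t files for fedmsg publishing; generated from the AVC denial seen on <host/date>` would let a later reviewer judge whether the grant is still needed. The compiled fedmsg.mod and fedmsg.pp are committed alongside as binaries that cannot be read in review, so nothing on this page ties the policy that gets installed to these 11 lines. Building the package from fedmsg.te with `checkmodule` and `semodule_package` in CI or at deploy time would close that gap.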
|
@ -70,3 +70,15 @@
|
||||||
when: fedmsg_certs != []
|
when: fedmsg_certs != []
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
# Three tasks for handling our custom selinux module
|
||||||
|
- name: ensure a directory exists for our custom selinux module
|
||||||
|
file: dest=/usr/local/share/fedmsg state=directory
|
||||||
|
|
||||||
|
- name: copy over our custom selinux module
|
||||||
|
copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
|
||||||
|
register: selinux_module
|
||||||
|
|
||||||
|
- name: install our custom selinux module
|
||||||
|
command: semanage -i /usr/local/share/fedmsg/fedmsg.pp
|
||||||
|
when: selinux_module|changed
|
||||||
|
|
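Review bot: The install task runs `semanage -i /usr/local/share/fedmsg/fedmsg.pp`, but `semanage -i` reads a file of semanage commands, while a compiled policy package is loaded with `semodule -i`, so as written the module is probably never installed. The task should read `command: semodule -i /usr/local/share/fedmsg/fedmsg.pp`. Because it is gated on `when: selinux_module|changed`, a run where the copy succeeds and the install fails leaves the file in place and the install is skipped on every later run; gating on the output of `semodule -l` instead would let it recover. The copy task also sets no owner or mode on a file that ends up in the loaded policy, so `owner=root group=root mode=0644` on that line would pin it. The tasks file continues outside this hunk.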