From 2df71d95cb4aeb9c46db087d76c20ee16677b6b1 Mon Sep 17 00:00:00 2001
From: Todd Zullinger
Date: Tue, 9 May 2023 16:47:21 -0400
Subject: [PATCH] mailman: use sefcontext module to set selinux file contexts
Implement the TODO item from b64d7567f6 (Mailman: don't report useless exceptions in Django via email, 2016-09-28).
This also removes two yamllint line-length warnings:
17:101 warning line too long (108 > 100 characters) (line-length)
47:101 warning line too long (113 > 100 characters) (line-length)
The changes were performed via:
sed -i 's/^ command: semanage fcontext -a -t \([^ ]\+\) \(".*"\)$/ sefcontext:\n target: \2\n setype: \1\n state: present/' roles/mailman/tasks/main.yml
Signed-off-by: Todd Zullinger
---
 roles/mailman/tasks/main.yml | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index 33bbfa9f49..5fa0241152 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@@ -5,46 +5,66 @@
 #
 # SELinux
-# TODO: switch to the sefcontext module when we update Ansible to 2.2+
 #
 - name: set the SELinux policy for the configuration directory
- command: semanage fcontext -a -t etc_t "{{ mailman_webui_confdir }}(/.*)?"
+ sefcontext:
+ target: "{{ mailman_webui_confdir }}(/.*)?"
+ setype: etc_t
+ state: present
 tags:
 - mailman
 - selinux
 - name: set the SELinux policy for the fulltext index
- command: semanage fcontext -a -t httpd_sys_rw_content_t "{{ mailman_webui_basedir }}/fulltext_index(/.*)?"
+ sefcontext:
+ target: "{{ mailman_webui_basedir }}/fulltext_index(/.*)?"
+ setype: httpd_sys_rw_content_t
+ state: present
 tags:
 - mailman
 - selinux
 - name: set the SELinux policy for the static files directory
- command: semanage fcontext -a -t httpd_sys_content_t "{{ mailman_webui_basedir }}/static(/.*)?"
+ sefcontext:
+ target: "{{ mailman_webui_basedir }}/static(/.*)?"
+ setype: httpd_sys_content_t
+ state: present
 tags:
 - mailman
 - selinux
 - name: set the SELinux policy for the templates override directory
- command: semanage fcontext -a -t httpd_sys_content_t "{{ mailman_webui_basedir }}/templates(/.*)?"
+ sefcontext:
+ target: "{{ mailman_webui_basedir }}/templates(/.*)?"
+ setype: httpd_sys_content_t
+ state: present
 tags:
 - mailman
 - selinux
 - name: set the SELinux policy for the log directory
- command: semanage fcontext -a -t httpd_log_t "/var/log/hyperkitty(/.*)?"
+ sefcontext:
+ target: "/var/log/hyperkitty(/.*)?"
+ setype: httpd_log_t
+ state: present
 tags:
 - mailman
 - selinux
 - name: set the SELinux policy for the generated postfix databases
- command: semanage fcontext -a -t etc_aliases_t "{{ mailman_webui_basedir }}/var/data/postfix_.*"
+ sefcontext:
+ target: "{{ mailman_webui_basedir }}/var/data/postfix_.*"
+ setype: etc_aliases_t
+ state: present
 tags:
 - mailman
 - selinux
 - name: set the SELinux policy for the old static archives
- command: semanage fcontext -a -t httpd_sys_content_t "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?"
+ sefcontext:
+ target: "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?"
+ setype: httpd_sys_content_t
+ state: present
 tags:
 - mailman
 - selinux
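Review bot: The seven `sefcontext` tasks only record the labelling rules in the local SELinux policy, as `semanage fcontext -a` did, so any of these paths that already exist on the host keep their current type until `restorecon` is run on them. Whether a later task does that cannot be seen from this hunk, because the task file continues past it. Since the module reports `changed` only when a rule is actually added or modified, each task could carry a `notify:` pointing at a handler that runs `restorecon -R` on the affected path, so the `httpd_sys_rw_content_t`, `httpd_log_t` and `etc_aliases_t` labels are applied as soon as the rule changes. Separately, if the control node runs Ansible 2.10 or later, writing the module as `community.general.sefcontext:` makes explicit which collection supplies it.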