Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

mailman: use sefcontext module to set selinux file contexts

Browse source 
Implement the TODO item from b64d7567f6 (Mailman: don't report useless
exceptions in Django via email, 2016-09-28).

This also removes two yamllint line-length warnings:

      17:101    warning  line too long (108 > 100 characters)  (line-length)
      47:101    warning  line too long (113 > 100 characters)  (line-length)

The changes were performed via:

    sed -i 's/^  command: semanage fcontext -a -t \([^ ]\+\) \(".*"\)$/  sefcontext:\n    target: \2\n    setype: \1\n    state: present/' roles/mailman/tasks/main.yml

Signed-off-by: Todd Zullinger <tmz@pobox.com>
This commit is contained in:
Todd Zullinger 2023-05-09 16:47:21 -04:00 committed by kevin
parent 3d053cf5a2
commit 2df71d95cb
1 changed files with 28 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

36
roles/mailman/tasks/main.yml
View file

@ -5,46 +5,66 @@
# #
# SELinux # SELinux
# TODO: switch to the sefcontext module when we update Ansible to 2.2+
# #
- name: set the SELinux policy for the configuration directory - name: set the SELinux policy for the configuration directory
command: semanage fcontext -a -t etc_t "{{ mailman_webui_confdir }}(/.*)?" sefcontext:
target: "{{ mailman_webui_confdir }}(/.*)?"
setype: etc_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux
- name: set the SELinux policy for the fulltext index - name: set the SELinux policy for the fulltext index
command: semanage fcontext -a -t httpd_sys_rw_content_t "{{ mailman_webui_basedir }}/fulltext_index(/.*)?" sefcontext:
target: "{{ mailman_webui_basedir }}/fulltext_index(/.*)?"
setype: httpd_sys_rw_content_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux
- name: set the SELinux policy for the static files directory - name: set the SELinux policy for the static files directory
command: semanage fcontext -a -t httpd_sys_content_t "{{ mailman_webui_basedir }}/static(/.*)?" sefcontext:
target: "{{ mailman_webui_basedir }}/static(/.*)?"
setype: httpd_sys_content_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux
- name: set the SELinux policy for the templates override directory - name: set the SELinux policy for the templates override directory
command: semanage fcontext -a -t httpd_sys_content_t "{{ mailman_webui_basedir }}/templates(/.*)?" sefcontext:
target: "{{ mailman_webui_basedir }}/templates(/.*)?"
setype: httpd_sys_content_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux
- name: set the SELinux policy for the log directory - name: set the SELinux policy for the log directory
command: semanage fcontext -a -t httpd_log_t "/var/log/hyperkitty(/.*)?" sefcontext:
target: "/var/log/hyperkitty(/.*)?"
setype: httpd_log_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux
- name: set the SELinux policy for the generated postfix databases - name: set the SELinux policy for the generated postfix databases
command: semanage fcontext -a -t etc_aliases_t "{{ mailman_webui_basedir }}/var/data/postfix_.*" sefcontext:
target: "{{ mailman_webui_basedir }}/var/data/postfix_.*"
setype: etc_aliases_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux
- name: set the SELinux policy for the old static archives - name: set the SELinux policy for the old static archives
command: semanage fcontext -a -t httpd_sys_content_t "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?" sefcontext:
target: "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?"
setype: httpd_sys_content_t
state: present
tags: tags:
- mailman - mailman
- selinux - selinux