From 3dec01a15a6211b4f3ed3d5040ad337a13703589 Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Tue, 14 Dec 2021 16:33:19 -0800
Subject: [PATCH] openqa/server: set httpd_can_network_connect boolean again :( Seems there's one more port that needs to be tagged before we can finally unset this: https://bugzilla.redhat.com/show_bug.cgi?id=1277312#c9 Keep the custom policy as well, though, so we just need to update it when that port gets done.
Signed-off-by: Adam Williamson
---
 roles/openqa/server/tasks/main.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml
index 3c248960ad..bd7d915ea8 100644
--- a/roles/openqa/server/tasks/main.yml
+++ b/roles/openqa/server/tasks/main.yml
@@ -302,9 +302,10 @@
 command: semodule -i /usr/local/share/selinux/httpd-openqa.pp
 when: selinux_module is changed
-# we used to set this as a bigger hammer to let httpd connect to openQA
-- name: Unset httpd_can_network_connect SELinux boolean
-- seboolean: name=httpd_can_network_connect state=no persistent=yes
+# Unfortunately still need this until port 9528 is tagged:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1277312
+- name: Set httpd_can_network_connect SELinux boolean
+ seboolean: name=httpd_can_network_connect state=yes persistent=yes
 - name: Allow Apache to read from NFS (as we store test data files there now)
 seboolean: name=httpd_use_nfs state=yes persistent=yes
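Review bot: Setting `httpd_can_network_connect` to `state=yes persistent=yes` lets httpd and its scripts and modules open outbound TCP connections to any port. While it is on, the narrower allowances in the `httpd-openqa.pp` module loaded just above are no longer the effective limit on what the web server can reach. The new comment names port 9528 but does not say what to do once it is labelled, so I would state the exit condition next to the task, e.g. `# TODO: flip back to state=no once port 9528 is labelled; the custom httpd-openqa module should then be sufficient`, and link the `#c9` comment that the commit message cites. If the upstream policy change is slow to land, labelling 9528 locally with the `seport` module might make the broad boolean unnecessary, though the port type the custom module expects is not visible in this hunk. The task list continues outside the hunk on both sides.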