From 4702bb99cb5116f03e58347761f592ee14ca208b Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Thu, 11 Feb 2016 20:02:54 +0000
Subject: [PATCH] Make selinux aware that /home == /srv/home

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/people/tasks/main.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml
index 90bccd9703..862a44ae44 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -129,6 +129,24 @@
   - config
   - selinux
 
+# This is a file context alias, to let ansible know that /home and /srv/home
+# are equal as far as contexts are concerned.
+- name: check the selinux context alias of the home dir
+  command: matchpathcon "/srv/home"
+  register: gitcontext
+  always_run: yes
+  changed_when: false
+  tags:
+  - config
+  - selinux
+
+- name: set the SELinux policy alias for the home dir
+  command: semanage fcontext -a -e /home /srv/home
+  when: gitcontext.stdout.find('home_root_t') == -1
+  tags:
+  - config
+  - selinux
+
 #
 # This sets the default, it's safe to always run. 
 # Default quota for users is 2gb