From 53ad3527570eef674d9b1c797d585f045b5f60f9 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 10 Aug 2018 14:33:35 +0000
Subject: [PATCH] selinux policy for mediawiki

---
 roles/mediawiki/files/selinux/mediawiki.pp | Bin 0 -> 922 bytes
 roles/mediawiki/tasks/main.yml             |  14 ++++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 roles/mediawiki/files/selinux/mediawiki.pp

diff --git a/roles/mediawiki/files/selinux/mediawiki.pp b/roles/mediawiki/files/selinux/mediawiki.pp
new file mode 100644
index 0000000000000000000000000000000000000000..ebaeac94a9201c98123b52e977b962e0c9bb827b
GIT binary patch
literal 922
zcmb_aOAbLn5G=o7MdAWZAl$&lj+Fzv;5{+^VT6S%i1S*JVk+spn8ZRQou27Wbx)@5
z&+DTAfYt<XdtM(60OLV>=(eXzd$dbW>#PW%70PP(pblV@rEYR|D^~*0>va1eXCeA>
z2<lEx%-uR;JMWvxUTKa|$!@yLW<EJs`q){pd9F{Z1g{x{t=rCziLZviv7&|d`!w;I
z6NB3I20}4{b7{)U+kL*(@g0g=h+8}smh+dn`5Jx?k>?R&aqg1m(tfd?f5ra=?n~)X
braW7tMx{;ui*nN1TTcqoQ(HklHvA1Qpj0it

literal 0
HcmV?d00001

diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml
index 7e379ee530..194a752a3c 100644
--- a/roles/mediawiki/tasks/main.yml
+++ b/roles/mediawiki/tasks/main.yml
@@ -165,3 +165,17 @@
         dest=/srv/web/fp-wiki/extensions/OpenIDConnect/OpenIDConnect.class.php
   tags:
   - mediawiki
+
+- name: ensure a directory exists for our SELinux policy
+  file: dest=/usr/local/share/selinux/ state=directory
+  tags: selinux
+
+- name: copy over our custom selinux policy
+  copy: src=mediawiki.pp dest=/usr/local/share/selinux/mediawiki.pp
+  register: selinux_module
+  tags: selinux
+
+- name: install our custom selinux policy
+  command: semodule -i /usr/local/share/selinux/mediawiki.pp
+  when: selinux_module is changed
+  tags: selinux