From a212d6626fea24602d83d63ee02bc7afa9b9f176 Mon Sep 17 00:00:00 2001 From: Mathieu Bridon Date: Tue, 27 Jan 2015 13:04:28 +0100 Subject: [PATCH] cgit/make_pkgs_list: Fix SELinux context --- .../files/make-cgit-pkgs-list.sh | 2 +- roles/cgit/make_pkgs_list/tasks/main.yml | 20 ++++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/roles/cgit/make_pkgs_list/files/make-cgit-pkgs-list.sh b/roles/cgit/make_pkgs_list/files/make-cgit-pkgs-list.sh index 89fea9c3e9..0ff69d2c63 100644 --- a/roles/cgit/make_pkgs_list/files/make-cgit-pkgs-list.sh +++ b/roles/cgit/make_pkgs_list/files/make-cgit-pkgs-list.sh @@ -9,6 +9,6 @@ newfile=`mktemp` cd /srv/git/rpms ls > $newfile -mv $newfile /srv/git/pkgs-git-repos-list +mv -Z $newfile /srv/git/pkgs-git-repos-list chown apache:apache /srv/git/pkgs-git-repos-list chmod 644 /srv/git/pkgs-git-repos-list diff --git a/roles/cgit/make_pkgs_list/tasks/main.yml b/roles/cgit/make_pkgs_list/tasks/main.yml index c17fd72a01..7ea87ac1c9 100644 --- a/roles/cgit/make_pkgs_list/tasks/main.yml +++ b/roles/cgit/make_pkgs_list/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasklist for setting up the CGit file list -- name: install the script and schedule its execution +- name: install the script copy: src=make-cgit-pkgs-list.sh dest=/usr/local/bin/make-cgit-pkgs-list.sh mode=0755 - name: install the cron job @@ -10,3 +10,21 @@ minute=*/10 user=root job="/usr/local/bin/lock-wrapper make-cgit-pkgs-list '/usr/local/bin/make-cgit-pkgs-list.sh | /usr/local/bin/nag-once fassync 1d 2>&1'" + +- name: check the selinux context of the repo list + command: matchpathcon /srv/git/pkgs-git-repos-list + register: gitlistcontext + always_run: yes + changed_when: false + tags: + - config + - cgit + - selinux + +- name: set the SELinux policy for the repo list + command: semanage fcontext -a -t httpd_git_content_t "/srv/git/pkgs-git-repos-list" + when: gitlistcontext.stdout.find('httpd_git_content_t') == -1 + tags: + - config + - cgit + - selinux