From a7890c6874fb899da0e1075ab4b61c27c78e074d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Such=C3=BD?=
Date: Fri, 4 Oct 2013 07:36:31 +0000
Subject: [PATCH] enable ssh_sysadm_login sebool for all clouds addressing: type=AVC msg=audit(1380833385.268:173): avc: denied { getattr } for pid=781 comm="sshd" path="/root/.ssh/authorized_keys" dev="vda1" ino=6493 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file
---
 tasks/cloud_setup_basic.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tasks/cloud_setup_basic.yml b/tasks/cloud_setup_basic.yml
index 62fdb8e496..42e1de89ab 100644
--- a/tasks/cloud_setup_basic.yml
+++ b/tasks/cloud_setup_basic.yml
@@ -48,6 +48,9 @@
 - config
 ignore_errors: true
 
+- name: enable ssh_sysadm_login sebool
+ action: seboolean name=ssh_sysadm_login state=yes persistent=yes
+
 # note - kinda should be a handler - but handlers need args
 - name: restorecon
 action: command restorecon -R /root/.ssh
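Review bot: The added `seboolean` task persistently enables `ssh_sysadm_login` on every cloud host, but the denial quoted in the commit message has `tcontext=system_u:object_r:file_t:s0`, which usually means `/root/.ssh/authorized_keys` is unlabelled rather than that a boolean is missing. The `restorecon -R /root/.ssh` task that follows in this hunk is the step that corrects a `file_t` label, so the boolean looks like a policy relaxation this AVC may not require. If it is needed for another reason, state it above the task, e.g. `# ssh_sysadm_login allows ssh logins as sysadm_r; enabled because <reason>`; otherwise drop the task and confirm the denial is gone after the relabel. The `seboolean` module is also likely to fail on images where SELinux is disabled, so a `when:` guard on the host's SELinux state may be wanted. The rest of the task file is outside the hunk.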