From b4cf3d1cf01b3155a9ccadbc0f817ef99e8f523c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Wed, 1 Feb 2023 10:59:32 -0800
Subject: [PATCH] bkernel: use more acls
We need also to allow pesign to the dir/socket so it can start and then we need kojibuilder access to the socket too.
Signed-off-by: Kevin Fenzi
---
 roles/bkernel/tasks/main.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml
index 05482e103e..6857343404 100644
--- a/roles/bkernel/tasks/main.yml
+++ b/roles/bkernel/tasks/main.yml
@@ -34,8 +34,23 @@
 tags:
 - bkernel
-- name: /var/run/pesign directory perms
- acl: path=/var/run/pesign default=true entity=kojibuilder etype=group permissions=rwx recursive=true state=present
+- name: /var/run/pesign directory perms (kojibuilder)
+ acl: path=/var/run/pesign entity=kojibuilder etype=group permissions=rwx recursive=true state=present
+ tags:
+ - bkernel
+
+- name: /var/run/pesign directory perms (pesign)
+ acl: path=/var/run/pesign default=true entity=pesign etype=group permissions=rwx recursive=true state=present
+ tags:
+ - bkernel
+
+- name: /var/run/pesign socket perms (kojibuilder)
+ acl: path=/var/run/pesign/socket entity=kojibuilder etype=group permissions=rwx recursive=true state=present
+ tags:
+ - bkernel
+
+- name: /var/run/pesign socket perms (pesign)
+ acl: path=/var/run/pesign/socket default=true entity=pesign etype=group permissions=rwx recursive=true state=present
 tags:
 - bkernel
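Review bot: The two `(pesign)` tasks set only `default=true`, which writes a default (inheritance) ACL and no access ACL, so as written they do not appear to give the pesign group access to the existing `/var/run/pesign` directory, and on `/var/run/pesign/socket` a default ACL has no meaning because default ACLs apply only to directories (the acl module documents `default` on a non-directory path as an error). Conversely, the `(kojibuilder)` directory task dropped `default=true`, so anything recreated under the directory, presumably including the socket after a pesign restart, would no longer inherit kojibuilder access until the play runs again. Each group likely needs both an access entry and a default entry on the directory, and the socket tasks only an access entry. On the socket, execute and `recursive=true` add nothing and `rw` is the least privilege that still lets a client connect, e.g. `acl: path=/var/run/pesign/socket entity=pesign etype=group permissions=rw state=present`. Since this socket gates who can request signing, a short comment on each task saying why that group needs access would help the next reviewer.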