Fix fcontexts for Pagure git repos and releases
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
parent
754107bd80
commit
bc79560132
1 changed files with 37 additions and 0 deletions
|
|
@ -285,6 +285,43 @@
|
||||||
tags:
|
tags:
|
||||||
- pagure
|
- pagure
|
||||||
|
|
||||||
|
- name: check the selinux context of the git repo directory
|
||||||
|
command: matchpathcon /srv/git
|
||||||
|
register: distgitcontext
|
||||||
|
check_mode: no
|
||||||
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- pagure
|
||||||
|
- selinux
|
||||||
|
|
||||||
|
- name: set the SELinux policy for the distgit root directory
|
||||||
|
command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?"
|
||||||
|
when: distgitcontext.stdout.find('gitosis_var_lib_t') == -1
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- pagure
|
||||||
|
- selinux
|
||||||
|
|
||||||
|
- name: check the selinux context of the releases directory
|
||||||
|
command: matchpathcon /var/www/releases
|
||||||
|
register: distgitcontext
|
||||||
|
check_mode: no
|
||||||
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- pagure
|
||||||
|
- selinux
|
||||||
|
|
||||||
|
# Note: On Fedora its httpd_sys_content_rw_t - Don't we love confusions?
|
||||||
|
- name: set the SELinux policy for the releases directory
|
||||||
|
command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?"
|
||||||
|
when: distgitcontext.stdout.find('httpd_sys_rw_content_t') == -1
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- pagure
|
||||||
|
- selinux
|
||||||
|
|
||||||
- name: copy over our custom selinux module
|
- name: copy over our custom selinux module
|
||||||
copy: src=selinux/pagure.pp dest=/usr/local/share/pagure.pp
|
copy: src=selinux/pagure.pp dest=/usr/local/share/pagure.pp
|
||||||
register: selinux_module
|
register: selinux_module
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue