distgit: Ensure the proper SELinux contexts
parent
a212d6626f
commit
c066e21c3a
1 changed files with 54 additions and 0 deletions
|
@ -37,6 +37,24 @@
|
||||||
- name: create the distgit root directory (/srv/git)
|
- name: create the distgit root directory (/srv/git)
|
||||||
file: dest=/srv/git state=directory mode=0755
|
file: dest=/srv/git state=directory mode=0755
|
||||||
|
|
||||||
|
- name: check the selinux context of the distgit root directory
|
||||||
|
command: matchpathcon /srv/git
|
||||||
|
register: distgitcontext
|
||||||
|
always_run: yes
|
||||||
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- distgit
|
||||||
|
- selinux
|
||||||
|
|
||||||
|
- name: set the SELinux policy for the distgit root directory
|
||||||
|
command: semanage fcontext -a -t httpd_git_content_t "/srv/git(/.*)?"
|
||||||
|
when: distgitcontext.stdout.find('httpd_git_content_t') == -1
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- distgit
|
||||||
|
- selinux
|
||||||
|
|
||||||
- name: create the distgit root directory (/srv/git/rpms)
|
- name: create the distgit root directory (/srv/git/rpms)
|
||||||
file: dest=/srv/git/rpms state=directory mode=2775 group=packager
|
file: dest=/srv/git/rpms state=directory mode=2775 group=packager
|
||||||
|
|
||||||
|
@ -207,6 +225,24 @@
|
||||||
file: dest=/srv/cache/lookaside/pkgs state=directory
|
file: dest=/srv/cache/lookaside/pkgs state=directory
|
||||||
owner=apache group=apache
|
owner=apache group=apache
|
||||||
|
|
||||||
|
- name: check the selinux context of the Lookaside Cache root directory
|
||||||
|
command: matchpathcon /srv/cache
|
||||||
|
register: lcachecontext
|
||||||
|
always_run: yes
|
||||||
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- lookaside
|
||||||
|
- selinux
|
||||||
|
|
||||||
|
- name: set the SELinux policy for the Lookaside Cache root directory
|
||||||
|
command: semanage fcontext -a -t httpd_git_content_t "/srv/cache(/.*)?"
|
||||||
|
when: lcachecontext.stdout.find('httpd_git_content_t') == -1
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- lookaside
|
||||||
|
- selinux
|
||||||
|
|
||||||
- name: install the fedora-ca.cert
|
- name: install the fedora-ca.cert
|
||||||
copy: src={{private}}/files/fedora-ca.cert dest=/etc/httpd/conf/cacert.pem
|
copy: src={{private}}/files/fedora-ca.cert dest=/etc/httpd/conf/cacert.pem
|
||||||
|
|
||||||
|
@ -233,3 +269,21 @@
|
||||||
copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
|
copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
|
||||||
notify:
|
notify:
|
||||||
- restart httpd
|
- restart httpd
|
||||||
|
|
||||||
|
- name: check the selinux context of the upload CGI script
|
||||||
|
command: matchpathcon /srv/web/upload.cgi
|
||||||
|
register: upcgicontext
|
||||||
|
always_run: yes
|
||||||
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- lookaside
|
||||||
|
- selinux
|
||||||
|
|
||||||
|
- name: set the SELinux policy for the upload CGI script
|
||||||
|
command: semanage fcontext -a -t httpd_git_script_exec_t "/srv/web/upload.cgi"
|
||||||
|
when: upcgicontext.stdout.find('httpd_git_script_exec_t') == -1
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- lookaside
|
||||||
|
- selinux
|
||||||
|
|
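Review bot: The three `semanage fcontext -a` tasks (for `/srv/git`, `/srv/cache` and `/srv/web/upload.cgi`) only record a labelling rule in the local policy. Nothing in the visible hunks applies that rule to the paths the preceding `file:` and `copy:` tasks have already created, so they keep the label they were created with until something relabels them. Because `matchpathcon` reports the context the policy expects rather than the label on disk, the `when:` guard turns false after the first run and a wrong on-disk label is never noticed again. Each rule should be followed by a relabel step such as `command: restorecon -R /srv/git` (and the equivalent for the other two paths), unless that already happens elsewhere in the file outside these hunks. Separately, the `"/srv/cache(/.*)?"` pattern covers all of `/srv/cache`, while the only directory shown is `/srv/cache/lookaside/pkgs`; narrowing it to the lookaside tree would keep the httpd-accessible type to the paths that need it.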