From d6b03498463aa3a5789ca9cfcc6813ae059faa63 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 15 May 2019 12:03:24 +0200
Subject: [PATCH] copr: backend: fix selinux context for letsencrypt

---
 roles/copr/backend/tasks/letsencrypt.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/roles/copr/backend/tasks/letsencrypt.yml b/roles/copr/backend/tasks/letsencrypt.yml
index f9919a92e3..92e516946c 100644
--- a/roles/copr/backend/tasks/letsencrypt.yml
+++ b/roles/copr/backend/tasks/letsencrypt.yml
@@ -15,6 +15,18 @@
     group: lighttpd
     mode: g+s
 
+- name: certbot, correct fcontext mapping the web root
+  sefcontext:
+    target: '/var/certbot/public_html/.well-known(/.*)'
+    setype: httpd_sys_content_t
+    state: present
+
+- name: certbot, restorecon the web root
+  file:
+    path: /var/certbot/public_html/.well-know
+    state: directory
+    setype: httpd_sys_content_t
+
 - name: Check that cert file exists
   stat:
     path: "/etc/letsencrypt/live/copr-be-dev.cloud.fedoraproject.org/cert.pem"