From d9f82bdd7f7aa95c8da1576f5446d6026493d9d2 Mon Sep 17 00:00:00 2001
From: Luke Macken <lmacken@redhat.com>
Date: Tue, 11 Mar 2014 18:41:12 +0000
Subject: [PATCH] Set the SELinux context of /var/tmp/bodhi-bz.cookie to
 httpd_tmp_t

---
 roles/bodhi/base/tasks/main.yml | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/roles/bodhi/base/tasks/main.yml b/roles/bodhi/base/tasks/main.yml
index ed47f87cf9..52bd2179e5 100644
--- a/roles/bodhi/base/tasks/main.yml
+++ b/roles/bodhi/base/tasks/main.yml
@@ -71,21 +71,15 @@
   tags:
   - config
 
-- name: install /var/tmp/bodhi-bz.cookie file
-  copy: >
-    dest=/var/tmp/bodhi-bz.cookie 
-    owner=bodhi 
-    group=bodhi 
-    mode=0600 
-    content="placeholder"
-    force=no
-  tags:
-  - config
+- name: check the selinux context of the bugzilla cookie
+  command: matchpathcon /var/tmp/bodhi-bz.cookie
+  register: cookiecontext
+  always_run: yes
+  changed_when: "1 != 1"
 
-- name: Make sure bodhi-bz.cookie is httpd_tmp_t for selinux.
-  file: >
-    setype=httpd_tmp_t
-    dest=/var/tmp/bodhi-bz.cookie
+- name: set the SELinux policy for the bugzilla cookie
+  command: semanage fcontext -a -t httpd_tmp_t "/var/tmp/bodhi-bz.cookie"
+  when: cookiecontext.stdout.find('httpd_tmp_t') == -1
   tags:
   - config