Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add mirrorlist container selinux policy

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2018-01-12 21:47:00 +00:00
parent d3ea8120ee
commit f46144bd78
3 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
roles/nagios_client/files/selinux/mirrormanager_container.pp Normal file
View file

Binary file not shown.

15
roles/nagios_client/files/selinux/mirrormanager_container.te Normal file
View file

@ -0,0 +1,15 @@
module mirrormanager_container 1.0;
require {
type container_t;
type container_file_t;
type mirrormanager_log_t;
type nrpe_t;
class file { append getattr };
}
# Allow mirrorlist to append to its log
allow container_t mirrormanager_log_t:file append;
# Allow nrpe to check file age of mirrorlist pkl files
allow nrpe_t container_file_t:file getattr;

9
roles/nagios_client/tasks/main.yml
View file

@ -99,6 +99,15 @@
command: semodule -i /usr/share/nrpe/fi-nrpe.pp
when: ansible_distribution_major_version|int == 7 and selinux_module|changed
- name: copy over our custom selinux module for mirrorlist
copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/mirrormanager_container.pp
register: selinux_module_mirrorlist
when: 'proxy' in inventory_hostname
- name: install our custom selinux module for mirrorlist
command: semodule -i /usr/share/nrpe/mirrormanager_container.pp
when: 'proxy' in inventory_hostname and selinux_module|changed
# Set up our base config.
- name: /etc/nagios/nrpe.cfg