add selinux policy for apache

author: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-04-12 08:46:55 -0400
committer: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-04-12 08:46:55 -0400
commit: 367d38818725b60988c6352a927732de5e364c44 (patch)
tree: a6b2e37bf2eb037ea12d18de90bddaa60337903e /roles/apache/tasks/main.yml
parent: 01516b1b99694124173300b6e74b46fb5b121998 (diff)
download: selfhosted-367d38818725b60988c6352a927732de5e364c44.tar.gz
selfhosted-367d38818725b60988c6352a927732de5e364c44.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index 4892782..c1b42ee 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -41,6 +41,16 @@
     - { sebool: httpd_can_sendmail,           value: '{{ apache_can_sendmail }}' }
   tags: selinux
 
+- name: create SELinux policy for apache to allow kerberos with php fpm (why?)
+  include_role:
+    name: selinux_policy
+    apply:
+      tags: selinux
+  vars:
+    selinux_policy_name: apache_php_gss
+    selinux_policy_te: '{{ apache_selinux_policy_te }}'
+  tags: selinux
+
 - name: configure mod_gssapi
   import_tasks: gssapi.yml
   when: apache_gssapi or apache_use_nfs
author	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-04-12 08:46:55 -0400
committer	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-04-12 08:46:55 -0400
commit	367d38818725b60988c6352a927732de5e364c44 (patch)
tree	a6b2e37bf2eb037ea12d18de90bddaa60337903e /roles/apache/tasks/main.yml
parent	01516b1b99694124173300b6e74b46fb5b121998 (diff)
download	selfhosted-367d38818725b60988c6352a927732de5e364c44.tar.gz selfhosted-367d38818725b60988c6352a927732de5e364c44.zip