ttrss: move selinux hack from apache to ttrss role

2 files changed, 0 insertions, 20 deletions

diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index c1b42ee..4892782 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -41,16 +41,6 @@
     - { sebool: httpd_can_sendmail,           value: '{{ apache_can_sendmail }}' }
   tags: selinux
 
-- name: create SELinux policy for apache to allow kerberos with php fpm (why?)
-  include_role:
-    name: selinux_policy
-    apply:
-      tags: selinux
-  vars:
-    selinux_policy_name: apache_php_gss
-    selinux_policy_te: '{{ apache_selinux_policy_te }}'
-  tags: selinux
-
 - name: configure mod_gssapi
   import_tasks: gssapi.yml
   when: apache_gssapi or apache_use_nfs
diff --git a/roles/apache/vars/main.yml b/roles/apache/vars/main.yml
index 84f31c2..fa0a293 100644
--- a/roles/apache/vars/main.yml
+++ b/roles/apache/vars/main.yml
@@ -35,13 +35,3 @@ apache_gzip_types:
   - text/javascript
   - text/plain
   - text/xml
-
-apache_selinux_policy_te: |
-  require {
-    type unconfined_service_t;
-    type httpd_t;
-    class key { read view write };
-  }
-
-  #============= httpd_t ==============
-  allow httpd_t unconfined_service_t:key { read view write };