-rw-r--r--roles/apache/tasks/main.yml10
-rw-r--r--roles/apache/vars/main.yml10
-rw-r--r--roles/ttrss/tasks/main.yml11
-rw-r--r--roles/ttrss/vars/main.yml10
4 files changed, 21 insertions, 20 deletions
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index c1b42ee..4892782 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -41,16 +41,6 @@
- { sebool: httpd_can_sendmail, value: '{{ apache_can_sendmail }}' }
tags: selinux
-- name: create SELinux policy for apache to allow kerberos with php fpm (why?)
- include_role:
- name: selinux_policy
- apply:
- tags: selinux
- vars:
- selinux_policy_name: apache_php_gss
- selinux_policy_te: '{{ apache_selinux_policy_te }}'
- tags: selinux
-
- name: configure mod_gssapi
import_tasks: gssapi.yml
when: apache_gssapi or apache_use_nfs
diff --git a/roles/apache/vars/main.yml b/roles/apache/vars/main.yml
index 84f31c2..fa0a293 100644
--- a/roles/apache/vars/main.yml
+++ b/roles/apache/vars/main.yml
@@ -35,13 +35,3 @@ apache_gzip_types:
- text/javascript
- text/plain
- text/xml
-
-apache_selinux_policy_te: |
- require {
- type unconfined_service_t;
- type httpd_t;
- class key { read view write };
- }
-
- #============= httpd_t ==============
- allow httpd_t unconfined_service_t:key { read view write };
diff --git a/roles/ttrss/tasks/main.yml b/roles/ttrss/tasks/main.yml
index 13cd9b0..787b9ba 100644
--- a/roles/ttrss/tasks/main.yml
+++ b/roles/ttrss/tasks/main.yml
@@ -15,6 +15,17 @@
version: '{{ ttrss_version }}'
update: yes
+- name: create SELinux policy for apache to allow kerberos auth
+ include_role:
+ name: selinux_policy
+ apply:
+ tags: selinux
+ vars:
+ selinux_policy_name: apache_php_gss
+ selinux_policy_te: '{{ ttrss_selinux_policy_te }}'
+ tags: selinux
+
+
- name: set httpd_sys_rw_content_t selinux context for writable directories
sefcontext:
target: '{{ ttrss_home }}/{{ item }}(/.*)?'
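Review bot: The task added after `update: yes` still loads the module as `selinux_policy_name: apache_php_gss`, and nothing in this commit unloads it from hosts that received it through the apache role. If the aim of the move is to limit the keyring permission to ttrss hosts, every other apache host keeps the rule until a cleanup step removes it; whether the `selinux_policy` role supports removal is not visible here. A comment on the task such as `# module name kept as apache_php_gss so existing hosts are updated in place; remove it manually from non-ttrss apache hosts` would record that. The hunk also adds two blank lines before the next task where the file otherwise appears to use one.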
diff --git a/roles/ttrss/vars/main.yml b/roles/ttrss/vars/main.yml
index 96bdca4..788008d 100644
--- a/roles/ttrss/vars/main.yml
+++ b/roles/ttrss/vars/main.yml
@@ -44,3 +44,13 @@ ttrss_apache_config: |
ErrorDocument 401 /index.php?noext=1
</If>
</LocationMatch>
+
+ttrss_selinux_policy_te: |
+ require {
+ type unconfined_service_t;
+ type httpd_t;
+ class key { read view write };
+ }
+
+ #============= httpd_t ==============
+ allow httpd_t unconfined_service_t:key { read view write };
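Review bot: `ttrss_selinux_policy_te` lets `httpd_t` read, view and write kernel keys labelled `unconfined_service_t`, the domain of any service that has no policy of its own, so the grant is likely wider than the Kerberos credentials ttrss needs. The removed apache task was titled "(why?)", and the moved variable still carries no rationale. A comment above it should name the service that owns the keys and the denial that prompted the rule, for example `# httpd_t needs key access to <service> (unconfined_service_t) for GSSAPI; AVC: <denial excerpt>`. If the recorded denials show only `read` and `view`, drop `write` from the `allow` line. Longer term, confining the key-owning service would let the rule name a specific type.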