diff options
Diffstat (limited to 'roles/ttrss')
-rw-r--r-- | roles/ttrss/tasks/main.yml | 11 | ||||
-rw-r--r-- | roles/ttrss/vars/main.yml | 10 |
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/ttrss/tasks/main.yml b/roles/ttrss/tasks/main.yml index 13cd9b0..787b9ba 100644 --- a/roles/ttrss/tasks/main.yml +++ b/roles/ttrss/tasks/main.yml @@ -15,6 +15,17 @@ version: '{{ ttrss_version }}' update: yes +- name: create SELinux policy for apache to allow kerberos auth + include_role: + name: selinux_policy + apply: + tags: selinux + vars: + selinux_policy_name: apache_php_gss + selinux_policy_te: '{{ ttrss_selinux_policy_te }}' + tags: selinux + + - name: set httpd_sys_rw_content_t selinux context for writable directories sefcontext: target: '{{ ttrss_home }}/{{ item }}(/.*)?' diff --git a/roles/ttrss/vars/main.yml b/roles/ttrss/vars/main.yml index 96bdca4..788008d 100644 --- a/roles/ttrss/vars/main.yml +++ b/roles/ttrss/vars/main.yml @@ -44,3 +44,13 @@ ttrss_apache_config: | ErrorDocument 401 /index.php?noext=1 </If> </LocationMatch> + +ttrss_selinux_policy_te: | + require { + type unconfined_service_t; + type httpd_t; + class key { read view write }; + } + + #============= httpd_t ============== + allow httpd_t unconfined_service_t:key { read view write }; |