Diffstat (limited to 'roles')
-rw-r--r-- | roles/apache/tasks/main.yml | 10 | ||||
-rw-r--r-- | roles/apache/vars/main.yml | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 4892782..c1b42ee 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -41,6 +41,16 @@ - { sebool: httpd_can_sendmail, value: '{{ apache_can_sendmail }}' } tags: selinux +- name: create SELinux policy for apache to allow kerberos with php fpm (why?) + include_role: + name: selinux_policy + apply: + tags: selinux + vars: + selinux_policy_name: apache_php_gss + selinux_policy_te: '{{ apache_selinux_policy_te }}' + tags: selinux + - name: configure mod_gssapi import_tasks: gssapi.yml when: apache_gssapi or apache_use_nfs diff --git a/roles/apache/vars/main.yml b/roles/apache/vars/main.yml index fa0a293..90bfff2 100644 --- a/roles/apache/vars/main.yml +++ b/roles/apache/vars/main.yml @@ -35,3 +35,13 @@ apache_gzip_types: - text/javascript - text/plain - text/xml + +apache_selinux_policy_te: + require { + type unconfined_service_t; + type httpd_t; + class key read; + } + + #============= httpd_t ============== + allow httpd_t unconfined_service_t:key read; |
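Review bot: The added `include_role` task in roles/apache/tasks/main.yml has no `when:`, so every host that runs the apache role gets the `apache_php_gss` module loaded, while the `configure mod_gssapi` task right below it is gated on `apache_gssapi or apache_use_nfs`. Because the module widens what `httpd_t` may do, I would gate it as well, for example `when: apache_gssapi`, or on whichever variable actually enables php-fpm with Kerberos (not visible in this hunk). The `(why?)` in the task name suggests the rationale is unrecorded; a comment above the task quoting the AVC denial that prompted the rule would let a later reviewer decide whether it is still needed.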
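Review bot: In roles/apache/vars/main.yml, `apache_selinux_policy_te:` is followed directly by the policy text with no block-scalar indicator, so as rendered here the value is a plain multi-line scalar: newlines fold into spaces and the `#============= httpd_t ==============` line is read as a YAML comment, which ends the scalar before the `allow` rule. Opening the value with `apache_selinux_policy_te: |` would keep the text verbatim; indentation is lost in this view, so confirm against the file. Separately, `allow httpd_t unconfined_service_t:key read;` has the shape of audit2allow output and lets `httpd_t` read keys labelled `unconfined_service_t`, which covers every service running in that domain. If php-fpm is the process running there, giving php-fpm a confined domain would be a narrower fix than granting this to `httpd_t`.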