From 367d38818725b60988c6352a927732de5e364c44 Mon Sep 17 00:00:00 2001
From: Stonewall Jackson <stonewall@sacredheartsc.com>
Date: Wed, 12 Apr 2023 08:46:55 -0400
Subject: add selinux policy for apache

---
 roles/apache/vars/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'roles/apache/vars/main.yml')

diff --git a/roles/apache/vars/main.yml b/roles/apache/vars/main.yml
index fa0a293..90bfff2 100644
--- a/roles/apache/vars/main.yml
+++ b/roles/apache/vars/main.yml
@@ -35,3 +35,13 @@ apache_gzip_types:
   - text/javascript
   - text/plain
   - text/xml
+
+apache_selinux_policy_te:
+	require {
+		type unconfined_service_t;
+		type httpd_t;
+		class key read;
+	}
+
+	#============= httpd_t ==============
+	allow httpd_t unconfined_service_t:key read;
-- 
cgit