Update to 2020-11-20 16:00

roles/onlyoffice_document_server/tasks/selinux.yml

@@ -1,16 +1,28 @@
 ---
 
-- name: Copy SELinux policy
-  copy: src=onlyoffice_docserver.te dest=/etc/selinux/targeted/local/onlyoffice_docserver.te
-  register: oo_selinux_policy
+- name: Set correct context for binaries
+  sefcontext:
+    target: "{{ item }}"
+    setype: bin_t
+  loop:
+    - /var/www/onlyoffice/documentserver/server/FileConverter/converter
+    - /var/www/onlyoffice/documentserver/server/DocService/docservice
+    - /var/www/onlyoffice/documentserver/server/Metrics/metrics
+    - /var/www/onlyoffice/documentserver/server/SpellChecker/spellchecker
+  register: oo_bin_context
+  notify: restart documentserver
   tags: oo
 
-- name: Compile SELinux policy
-  shell: |
-    cd /etc/selinux/targeted/local/
-    checkmodule -M -m -o onlyoffice_docserver.mod onlyoffice_docserver.te
-    semodule_package -o onlyoffice_docserver.pp -m onlyoffice_docserver.mod
-    semodule -i /etc/selinux/targeted/local/onlyoffice_docserver.pp
-  when: oo_selinux_policy.changed
+- name: Reset SELinux context
+  command: restorecon -R /var/www/onlyoffice/documentserver/server/ /var/lib/onlyoffice/
+  when: oo_bin_context.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: oo
+
+- name: Remove useless SELinux policy
+  file: path=/etc/selinux/targeted/local/{{ item }} state=absent
+  loop:
+    - onlyoffice_docserver.te
+    - onlyoffice_docserver.mod
+    - onlyoffice_docserver.pp
   tags: oo