From 657deee6a54d2d7d506c9ee7aae7c75aaecb9d8d Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 20 Nov 2020 16:00:08 +0100 Subject: [PATCH] Update to 2020-11-20 16:00 --- roles/onlyoffice_document_server/tasks/selinux.yml | 32 +++++++++++++++------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/roles/onlyoffice_document_server/tasks/selinux.yml b/roles/onlyoffice_document_server/tasks/selinux.yml index 5ca2ca8..21838f1 100644 --- a/roles/onlyoffice_document_server/tasks/selinux.yml +++ b/roles/onlyoffice_document_server/tasks/selinux.yml @@ -1,16 +1,28 @@ --- -- name: Copy SELinux policy - copy: src=onlyoffice_docserver.te dest=/etc/selinux/targeted/local/onlyoffice_docserver.te - register: oo_selinux_policy +- name: Set correct context for binaries + sefcontext: + target: "{{ item }}" + setype: bin_t + loop: + - /var/www/onlyoffice/documentserver/server/FileConverter/converter + - /var/www/onlyoffice/documentserver/server/DocService/docservice + - /var/www/onlyoffice/documentserver/server/Metrics/metrics + - /var/www/onlyoffice/documentserver/server/SpellChecker/spellchecker + register: oo_bin_context + notify: restart documentserver tags: oo -- name: Compile SELinux policy - shell: | - cd /etc/selinux/targeted/local/ - checkmodule -M -m -o onlyoffice_docserver.mod onlyoffice_docserver.te - semodule_package -o onlyoffice_docserver.pp -m onlyoffice_docserver.mod - semodule -i /etc/selinux/targeted/local/onlyoffice_docserver.pp - when: oo_selinux_policy.changed +- name: Reset SELinux context + command: restorecon -R /var/www/onlyoffice/documentserver/server/ /var/lib/onlyoffice/ + when: oo_bin_context.results | selectattr('changed','equalto',True) | list | length > 0 + tags: oo + +- name: Remove useless SELinux policy + file: path=/etc/selinux/targeted/local/{{ item }} state=absent + loop: + - onlyoffice_docserver.te + - onlyoffice_docserver.mod + - onlyoffice_docserver.pp tags: oo