Update to 2020-11-20 16:00

roles/onlyoffice_document_server/tasks/selinux.yml

@@ -1,16 +1,28 @@
 ---
 
-- name: Copy SELinux policy
+- name: Set correct context for binaries
-  copy: src=onlyoffice_docserver.te dest=/etc/selinux/targeted/local/onlyoffice_docserver.te
+  sefcontext:
-  register: oo_selinux_policy
+    target: "{{ item }}"
+    setype: bin_t
+  loop:
+    - /var/www/onlyoffice/documentserver/server/FileConverter/converter
+    - /var/www/onlyoffice/documentserver/server/DocService/docservice
+    - /var/www/onlyoffice/documentserver/server/Metrics/metrics
+    - /var/www/onlyoffice/documentserver/server/SpellChecker/spellchecker
+  register: oo_bin_context
+  notify: restart documentserver
   tags: oo
 
-- name: Compile SELinux policy
+- name: Reset SELinux context
-  shell: |
+  command: restorecon -R /var/www/onlyoffice/documentserver/server/ /var/lib/onlyoffice/
-    cd /etc/selinux/targeted/local/
+  when: oo_bin_context.results | selectattr('changed','equalto',True) | list | length > 0
-    checkmodule -M -m -o onlyoffice_docserver.mod onlyoffice_docserver.te
+  tags: oo
-    semodule_package -o onlyoffice_docserver.pp -m onlyoffice_docserver.mod
+
-    semodule -i /etc/selinux/targeted/local/onlyoffice_docserver.pp
+- name: Remove useless SELinux policy
-  when: oo_selinux_policy.changed
+  file: path=/etc/selinux/targeted/local/{{ item }} state=absent
+  loop:
+    - onlyoffice_docserver.te
+    - onlyoffice_docserver.mod
+    - onlyoffice_docserver.pp
   tags: oo