You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airavata.apache.org by ma...@apache.org on 2022/07/29 19:24:57 UTC

[airavata] 02/02: Ansible: selinux for user_data_dir, which is usually a symlink and needs special permission

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit fc85a2f91ae85c17821de24a60f0e5e4a8944098
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Jul 29 15:24:42 2022 -0400

    Ansible: selinux for user_data_dir, which is usually a symlink and needs special permission
---
 dev-tools/ansible/roles/httpd/tasks/main.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index ac13637c9d..4c9803bb40 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -65,7 +65,22 @@
   become: yes
   when: user_data_dir != real_user_data_dir
 
-- name: set selinux context to allow read/write on the user data directory
+- name: set selinux context to allow read/write on the user data directory ({{ user_data_dir }})
+  sefcontext:
+    target: "{{ user_data_dir }}(/.*)?"
+    setype: httpd_sys_rw_content_t
+    state: present
+  become: yes
+  notify:
+    - restart httpd
+  when: ansible_os_family == "RedHat"
+
+- name: run restorecon on user data directory ({{ user_data_dir }})
+  command: restorecon -F -R {{ user_data_dir }}
+  become: yes
+  when: ansible_os_family == "RedHat"
+
+- name: set selinux context to allow read/write on the user data directory ({{ real_user_data_dir }})
   sefcontext:
     # For SELinux file contexts, the real path without symbolic links must be used
     target: "{{ real_user_data_dir }}(/.*)?"
@@ -76,7 +91,7 @@
     - restart httpd
   when: ansible_os_family == "RedHat"
 
-- name: run restorecon on user data directory
+- name: run restorecon on user data directory ({{ real_user_data_dir }})
   command: restorecon -F -R {{ real_user_data_dir }}
   become: yes
   when: ansible_os_family == "RedHat"