2017-08-29 06:51:06 +00:00
|
|
|
---
|
|
|
|
|
- name: Install deps
|
|
|
|
|
yum: name="{{item}}" state=present
|
|
|
|
|
with_items:
|
|
|
|
|
- policycoreutils-python
|
|
|
|
|
- selinux-policy-devel
|
|
|
|
|
when: ansible_distribution == 'CentOS'
|
|
|
|
|
|
2017-08-29 07:10:26 +00:00
|
|
|
# - name: Install SELinux for Ubuntu
|
|
|
|
|
# apt: name={{ item }} state=present
|
|
|
|
|
# with_items:
|
|
|
|
|
# - selinux
|
|
|
|
|
# - selinux-policy-dev
|
|
|
|
|
# when: ansible_distribution == 'Ubuntu'
|
2017-08-29 06:51:06 +00:00
|
|
|
|
|
|
|
|
- name: Check enabled SELinux modules
|
|
|
|
|
shell: semanage module -l
|
|
|
|
|
register: enabled_modules
|
2017-08-29 07:10:26 +00:00
|
|
|
when: ansible_distribution == 'CentOS'
|
2017-08-29 06:51:06 +00:00
|
|
|
|
|
|
|
|
- name: Copy frappe_selinux policy
|
|
|
|
|
copy: src=frappe_selinux.te dest=/root/frappe_selinux.te
|
|
|
|
|
register: dest_frappe_selinux_te
|
2017-08-29 07:10:26 +00:00
|
|
|
when: ansible_distribution == 'CentOS'
|
2017-08-29 06:51:06 +00:00
|
|
|
|
|
|
|
|
- name: Compile frappe_selinux policy
|
|
|
|
|
shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
|
|
|
|
|
args:
|
|
|
|
|
chdir: /root/
|
2017-08-29 07:10:26 +00:00
|
|
|
when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
|
2017-08-29 06:51:06 +00:00
|
|
|
|
