From 507934285bae8b4905e8c43595ac3662b98f2c48 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Wed, 21 Aug 2019 09:23:06 +0200
Subject: [PATCH] remove static selinux rules

---
 defaults/main.yml | 13 ++++++++++---
 tasks/selinux.yml | 13 ++-----------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 8a2850a..ec7e188 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,11 +1,18 @@
 ---
-# not working currently
 cups_version: 2.2.10
 
-# Install dependencies or
-# custom driver packages
+# Install dependencies or custom driver packages
 cups_packages_extra: []
 
+## Example
+# cups_selinux_fcontext:
+#   - { target: '/opt/brother', setype: 'bin_t' }
+cups_selinux_fcontext: []
+## Example
+# cups_selinux_restorecon:
+#   - -R /opt/brother
+cups_selinux_restorecon: []
+
 cups_admin_username: cupsadm
 cups_admin_password: secure
 
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
index 460d89e..6cb6a4c 100644
--- a/tasks/selinux.yml
+++ b/tasks/selinux.yml
@@ -5,21 +5,12 @@
         target: "{{ item.target }}"
         setype: "{{ item.setype }}"
         state: present
-      loop:
-        - { target: '/opt/brother', setype: 'bin_t' }
-        - { target: '/etc/opt/brother', setype: 'cupsd_rw_etc_t' }
-        - { target: '/opt/brother/Printers/(.*/)?inf(/.*)?', setype: 'cupsd_rw_etc_t' }
-        - { target: '/opt/brother/Printers/(.*/)?lpd(/.*)?', setype: 'bin_t' }
-        - { target: '/opt/brother/Printers/(.*/)?cupswrapper(/.*)?', setype: 'bin_t' }
+      loop: "{{ cups_selinux_fcontext }}"
       notify: __cupsd_restart
 
     - name: Apply new SELinux file context to filesystem
       command: "restorecon {{ item }}"
-      loop:
-        - -R /opt/brother
-        - -R /etc/opt/brother
-        - -R /opt/brother/Printers
-        - -RFv /usr/lib/cups/filter
+      loop: "{{ cups_selinux_restorecon }}"
       changed_when: False
       notify: __cupsd_restart