add selinux tasks; restructuring
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
Robert Kaussow 2019-02-12 23:31:40 +01:00
parent 10a46a1d51
commit a2c3af18ca
6 changed files with 51 additions and 0 deletions

View File

@ -1,6 +1,8 @@
--- ---
# not working currently # not working currently
cups_version: 2.2.10 cups_version: 2.2.10
cups_admin_username: cupsadm
cups_admin_password: secure
cups_bind_url: cups_bind_url:
- localhost:631 - localhost:631

View File

@ -13,11 +13,13 @@
yum: yum:
name: "{{ __cups_rpm_files }}" name: "{{ __cups_rpm_files }}"
state: present state: present
notify: __cupsd_restart
- name: Install custom driver packages - name: Install custom driver packages
yum: yum:
name: "{{ cups_custom_driver_packages }}" name: "{{ cups_custom_driver_packages }}"
state: present state: present
notify: __cupsd_restart
- name: Deploy global config files - name: Deploy global config files
template: template:

View File

@ -1,5 +1,8 @@
--- ---
- include_tasks: prepare.yml
- include_tasks: install.yml - include_tasks: install.yml
- include_tasks: selinux.yml
when: ansible_selinux
- import_tasks: nginx.yml - import_tasks: nginx.yml
when: cups_nginx_vhost_enabled when: cups_nginx_vhost_enabled
- include_tasks: post_tasks.yml - include_tasks: post_tasks.yml

10
tasks/prepare.yml Normal file
View File

@ -0,0 +1,10 @@
---
- block:
- name: Create user '{{ cups_admin_username }}'
user:
comment: Cups Admin
name: "{{ cups_admin_username }}"
password: "{{ cups_admin_password }}"
groups: printadmin
become: True
become_user: root

32
tasks/selinux.yml Normal file
View File

@ -0,0 +1,32 @@
---
- block:
- name: Add SELinux file context mapping definitions
sefcontext:
target: "{{ item.target }}"
setype: "{{ item.setype }}"
state: present
loop:
- { target: '/opt/brother', setype: 'bin_t' }
- { target: '/etc/opt/brother', setype: 'cupsd_rw_etc_t' }
- { target: '/opt/brother/Printers/(.*/)?inf(/.*)?', setype: 'cupsd_rw_etc_t' }
- { target: '/opt/brother/Printers/(.*/)?lpd(/.*)?', setype: 'bin_t' }
- { target: '/opt/brother/Printers/(.*/)?cupswrapper(/.*)?', setype: 'bin_t' }
notify: __cupsd_restart
- name: Apply new SELinux file context to filesystem
command: "restorecon {{ item }}"
loop:
- -R /opt/brother
- -R /etc/opt/brother
- -R /opt/brother/Printers
- -RFv /usr/lib/cups/filter
notify: __cupsd_restart
- name: Allow cups execmem/execstack
seboolean:
name: cups_execmem
state: yes
persistent: yes
notify: __cupsd_restart
become: True
become_user: root

View File

@ -36,6 +36,8 @@ WebInterface Yes
# Restrict access to the admin pages... # Restrict access to the admin pages...
<Location /admin> <Location /admin>
AuthType Default
Require user @SYSTEM
Order allow,deny Order allow,deny
</Location> </Location>