---
- block:
    - name: Add SELinux file context mapping definitions
      sefcontext:
        target: "{{ item.target }}"
        setype: "{{ item.setype }}"
        state: present
      loop:
        - { target: '/opt/brother', setype: 'bin_t' }
        - { target: '/etc/opt/brother', setype: 'cupsd_rw_etc_t' }
        - { target: '/opt/brother/Printers/(.*/)?inf(/.*)?', setype: 'cupsd_rw_etc_t' }
        - { target: '/opt/brother/Printers/(.*/)?lpd(/.*)?', setype: 'bin_t' }
        - { target: '/opt/brother/Printers/(.*/)?cupswrapper(/.*)?', setype: 'bin_t' }
      notify: __cupsd_restart

    - name: Apply new SELinux file context to filesystem
      command: "restorecon {{ item }}"
      loop:
        - -R /opt/brother
        - -R /etc/opt/brother
        - -R /opt/brother/Printers
        - -RFv /usr/lib/cups/filter
      changed_when: False
      notify: __cupsd_restart

    - name: Allow cups execmem/execstack
      seboolean:
        name: cups_execmem
        state: yes
        persistent: yes
      notify: __cupsd_restart
  become: True
  become_user: root