xoxys.cups/tasks/selinux.yml
Robert Kaussow a5074b4963
All checks were successful
continuous-integration/drone/push Build is passing
fix idempotency for command
2019-02-12 23:34:25 +01:00

34 lines
1.1 KiB
YAML

---
- block:
- name: Add SELinux file context mapping definitions
sefcontext:
target: "{{ item.target }}"
setype: "{{ item.setype }}"
state: present
loop:
- { target: '/opt/brother', setype: 'bin_t' }
- { target: '/etc/opt/brother', setype: 'cupsd_rw_etc_t' }
- { target: '/opt/brother/Printers/(.*/)?inf(/.*)?', setype: 'cupsd_rw_etc_t' }
- { target: '/opt/brother/Printers/(.*/)?lpd(/.*)?', setype: 'bin_t' }
- { target: '/opt/brother/Printers/(.*/)?cupswrapper(/.*)?', setype: 'bin_t' }
notify: __cupsd_restart
- name: Apply new SELinux file context to filesystem
command: "restorecon {{ item }}"
loop:
- -R /opt/brother
- -R /etc/opt/brother
- -R /opt/brother/Printers
- -RFv /usr/lib/cups/filter
changed_when: False
notify: __cupsd_restart
- name: Allow cups execmem/execstack
seboolean:
name: cups_execmem
state: yes
persistent: yes
notify: __cupsd_restart
become: True
become_user: root