From 52938efac3b433cc7a85b9685c7941a5fc581b70 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Fri, 22 Nov 2019 11:39:47 +0100
Subject: [PATCH] add selinux settings for custom logfile location

---
 defaults/main.yml |  6 ++++++
 tasks/main.yml    |  2 ++
 tasks/selinux.yml | 15 +++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 tasks/selinux.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 0cb68b2..777ed7b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -30,6 +30,12 @@ jellyfin_packages_extra: []
 jellyfin_log_level_console: Fatal
 jellyfin_log_level_file: Information
 
+jellyfin_selinux_fcontext: 
+  - target: "{{ jellyfin_log_dir }}(/.*)?"
+    setype: var_log_t
+jellyfin_selinux_restorecon:
+  - "-ir {{ jellyfin_log_dir }}"
+
 # @var jellyfin_http_bind_port:description: >
 # DONT change it! Changing the bind ports is currently not supported.
 # @end
diff --git a/tasks/main.yml b/tasks/main.yml
index 9218de3..2f0990f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,6 @@
 ---
 - include_tasks: prepare.yml
 - include_tasks: install.yml
+- include_tasks: selinux.yml
+  when: ansible_selinux.status == "enabled"
 - include_tasks: post_tasks.yml
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
new file mode 100644
index 0000000..09bf553
--- /dev/null
+++ b/tasks/selinux.yml
@@ -0,0 +1,15 @@
+---
+- block:
+    - name: Add SELinux file context mapping definitions
+      sefcontext:
+        target: "{{ item.target }}"
+        setype: "{{ item.setype }}"
+        state: present
+      loop: "{{ jellyfin_selinux_fcontext }}"
+
+    - name: Apply new SELinux file context to filesystem
+      command: "restorecon {{ item }}"
+      loop: "{{ jellyfin_selinux_restorecon }}"
+      changed_when: False
+  become: True
+  become_user: root