anubis-el: set correct selinux labels for podman

selinux was preventing anubis from reading its policy file.
So, set the right context here so it is happy.

Note that we cannot use :Z in the podman call, because it runs as the
anubis user which cannot chcon those files on the host.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/anubis-el/tasks/main.yml

@@ -84,6 +84,25 @@
   - config
   - anubis
 
+- name: Set SELinux context for anubis directory
+  community.general.sefcontext:
+    target: "/srv/anubis(/.*)?"
+    setype: container_file_t
+    state: present
+  tags:
+  - config
+  - anubis
+  - selinux
+
+- name: Apply SELinux changes to anubis directory
+  ansible.builtin.command: restorecon -irv "/srv/anubis/"
+  register: restorecon_output
+  changed_when: restorecon_output.stdout is defined and restorecon_output.stdout | length > 0
+  tags:
+  - config
+  - anubis
+  - selinux
+
 # This service calls podman to pull the anubis container,
 # then sets various env variables for the service and runs it.