WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add a role to compile, build and install custom selinux policies

Browse Source 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon
2020-11-10 15:33:54 +01:00
parent d58d1bd208
commit a6a5686038
1 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
roles/selinux/module/tasks/main.yml Normal file
View File

@@ -0,0 +1,42 @@
---
# Builds and install a custom SELinux policy module.
#
# The policy file (.te) should be in the source of the
#
# Required parameters:
#
# - policy_file (str): the file containing custom SELinux policy to build and
# install.
# - policy_name (str): the name of the custom SELinux policy to build and
# install.
- name: copy over our custom selinux module
copy: src="{{ policy_file }}" dest="/usr/local/share/{{ policy_name }}.te"
register: selinux_module
tags:
- selinux
- selinux/module
- name: Build our custom selinux module
command: checkmodule -M -m -o /usr/local/share/{{ policy_name }}.mod /usr/local/share/{{ policy_name }}.te
when: selinux_module is changed
tags:
- selinux
- selinux/module
- name: Compile our custom selinux module
command: semodule_package -o /usr/local/share/{{ policy_name }}.pp -m /usr/local/share/{{ policy_name }}.mod
when: selinux_module is changed
tags:
- selinux
- selinux/module
- name: install our custom selinux module
command: semodule -i /usr/local/share/{{ policy_name }}.pp
when: selinux_module is changed
tags:
- selinux
- selinux/module