Leave SELinux at default Enforcing mode

Signed-off-by: Anoop C S <anoopcs@redhat.com>
author: Anoop C S <anoopcs@redhat.com> 2020-04-09 08:59:22 +0530
committer: Michael Adam <obnox@samba.org> 2020-04-09 23:20:46 +0200
commit: b8c5cdc317deee331f2be9a5ab7acbeb756f99aa (patch)
tree: 1083a1f79b5697dd25541fa7b6fdc1184b75a258
parent: f768d112bf595a69a5642b723689a6590fabfd48 (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/vagrant/ansible/roles/ctdb.setup/tasks/main.yml b/vagrant/ansible/roles/ctdb.setup/tasks/main.yml
index 25133f4..099374a 100644
--- a/vagrant/ansible/roles/ctdb.setup/tasks/main.yml
+++ b/vagrant/ansible/roles/ctdb.setup/tasks/main.yml
@@ -26,10 +26,14 @@
     regexp: "recovery lock"
     insertafter: '\[cluster\]'
 
-- name: Put SELinux in permissive mode, logging actions that would be blocked.
-  selinux:
-    policy: targeted
-    state: permissive
+- name: Install libsemanage-python. This is needed for the seboolean ansible command
+  yum: name=libsemanage-python state=present
+
+- name: SELinux - Allow CTDB to access recovery lockfile from FUSE mount
+  seboolean:
+    name: use_fusefs_home_dirs
+    state: yes
+    persistent: yes
 
 - name: Enable check consistency of databases during startup
   command: '/bin/ctdb event script enable legacy 00.ctdb'
author	Anoop C S <anoopcs@redhat.com>	2020-04-09 08:59:22 +0530
committer	Michael Adam <obnox@samba.org>	2020-04-09 23:20:46 +0200
commit	b8c5cdc317deee331f2be9a5ab7acbeb756f99aa (patch)
tree	1083a1f79b5697dd25541fa7b6fdc1184b75a258
parent	f768d112bf595a69a5642b723689a6590fabfd48 (diff)