From: Dimitri Savineau <dsavinea@redhat.com>
Date: Mon, 6 Jan 2020 14:09:42 +0000 (-0500)
Subject: ceph-nfs: add ganesha_t type to selinux
X-Git-Tag: v4.0.7~6
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=56f1b232a5b7d6bf0aadfb412ceebbb56e7a6f64;p=ceph-ansible.git

ceph-nfs: add ganesha_t type to selinux

Since RHEL 8.1 we need to add the ganesha_t type to the permissive
SELinux list.
Otherwise the nfs-ganesha service won't start.
This was done on RHEL 7 previously and part of the nfs-ganesha-selinux
package on RHEL 8.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1786110

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit d75812529069244734732d05cc5aa3ddbc99b7c5)
---

diff --git a/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml b/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
index 2d568af0a..f739b32d7 100644
--- a/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
+++ b/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
@@ -17,17 +17,16 @@
       until: result is succeeded
       when: ansible_distribution_major_version == '7'
 
-    - name: add ganesha_t to permissive domain
-      selinux_permissive:
-        name: ganesha_t
-        permissive: true
-      failed_when: false
-      when: ansible_distribution_major_version == '7'
-
-    - name: install nfs-ganesha-selinux on RHEL 8
+    - name: install nfs-ganesha-selinux and python3-policycoreutils on RHEL 8
       package:
-        name: nfs-ganesha-selinux
+        name: ['nfs-ganesha-selinux', 'python3-policycoreutils']
         state: present
       register: result
       until: result is succeeded
       when: ansible_distribution_major_version == '8'
+
+    - name: add ganesha_t to permissive domain
+      selinux_permissive:
+        name: ganesha_t
+        permissive: true
+      failed_when: false