
Why is ansible not setting the seuser properly on this directory?

Server Fault Asked by Nona on February 22, 2021

Here is the relevant portion of the ansible file:

- name: "Create bond user"
  user:
    user: bond
    shell: /bin/bash

- name: "Allow bond agent to be run"
  sefcontext:
    target: "/home/bond/bond_agent"
    seuser: system_u
    setype: bin_t
    state: present

- name: "Create bond agent directory"
  file:
    path: "/home/bond/bond_agent"
    state: directory
    mode: 0500
    owner: bond
    group: bond

- name: "Copy bond agent binary"
  copy:
    src: bond-agent
    dest: /home/bond/bond_agent/bond-agent
    owner: bond
    group: bond
    mode: 0555

- name: "Copy bond agent config file"
  template:
    src: bond-agent.yml.j2
    dest: /home/bond/bond_agent/bond-agent.yml
    owner: bond
    group: bond
    mode: 0555

- name: "Apply new SELinux file context to /bond_agent directory"
  command: restorecon -irv /home/bond/bond_agent

After running the ansible playbook, doing ls -laZ on /home/bond/bond_agent, I see:

dr-x------.  2 bond bond unconfined_u:object_r:bin_t:s0           117 Sep 16 13:21 bond_agent

Running semanage fcontext -l -C I see:

SELinux fcontext                                   type               Context

/home/bond/bond_agent                              all files          system_u:object_r:bin_t:s0
/bond_agent                                        all files          system_u:object_r:bin_t:s0

SELinux Local fcontext Equivalence 

/bond_agent/bond-agent = /bond_agent
bond-agent = bond-agent.yml

New to CentOS (CentOS Linux release 8.2.2004) + ansible, so I’m not quite sure what’s going on or how to solve it.

One Answer

You need to include "-F" to restorecon when changing seuser. restorecon only changes the type by default.

Answered by mtovey on February 22, 2021
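The answer above hinges on a detail that is easy to miss: without -F, restorecon compares and resets only the type field of a file's context, so a mismatch in the SELinux user (here unconfined_u versus the system_u the fcontext rule asks for) is silently left in place. The following script is an added example, not part of the question or the answer, that makes that decision explicit: it splits the context a file actually carries and the context the policy specifies into user/role/type/level, reports which fields differ, and picks the restorecon flags accordingly. The two contexts are constructed from the values shown in the question so the script runs without any SELinux tooling present; the path /home/bond/bond_agent and the -irv flags are taken from the playbook.

```shell
#!/bin/sh
# Added example (not from the original question or answer): decide whether
# restorecon needs -F by comparing the context a file actually carries with
# the context the fcontext policy specifies for it.

# Print one field of an SELinux context "user:role:type:level".
# $1 = context, $2 = field number (1=user, 2=role, 3=type, 4=level).
# The level may itself contain colons (e.g. s0-s0:c0.c1023), so field 4
# takes everything from the fourth colon-separated item onward.
ctx_field() {
    case "$2" in
        4) printf '%s\n' "$1" | cut -d: -f4- ;;
        *) printf '%s\n' "$1" | cut -d: -f"$2" ;;
    esac
}

# Print, one per line, the names of the fields that differ between the
# actual context ($1) and the policy context ($2).
ctx_diff() {
    i=1
    for name in user role type level; do
        if [ "$(ctx_field "$1" "$i")" != "$(ctx_field "$2" "$i")" ]; then
            printf '%s\n' "$name"
        fi
        i=$((i + 1))
    done
}

# Choose restorecon flags. The default relabel only fixes the type, so a
# difference in user, role or level needs -F (force a full relabel).
# -i and -r are kept from the playbook's original command line.
restorecon_flags() {
    flags="-irv"
    for f in $(ctx_diff "$1" "$2"); do
        case "$f" in
            user|role|level) flags="-irFv" ;;
        esac
    done
    printf '%s\n' "$flags"
}

# Constructed sample values taken from the question: what ls -laZ showed on
# the directory versus what semanage fcontext -l defines for it.
ACTUAL_CTX="unconfined_u:object_r:bin_t:s0"
POLICY_CTX="system_u:object_r:bin_t:s0"
TARGET="/home/bond/bond_agent"

# Report the mismatch and the command that would actually correct it.
echo "fields that differ: $(ctx_diff "$ACTUAL_CTX" "$POLICY_CTX" | tr '\n' ' ')"
echo "run: restorecon $(restorecon_flags "$ACTUAL_CTX" "$POLICY_CTX") $TARGET"
```

For the sample values the script reports that only the user field differs and therefore prints restorecon -irFv /home/bond/bond_agent, which is the change the answer recommends for the last task in the playbook. An alternative that avoids the command task altogether is to set the context on the Ansible side: the file module (and copy) accept seuser, serole, setype and selevel parameters, so the directory task can declare seuser: system_u directly and Ansible will report the change idempotently instead of running restorecon on every play.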
