Ansible: enable SELinux httpd_tmp_exec

commit: 6663206a81ddb1794e5ba09b09c0ca001a99c9b8 [log] [tgz]
author: Marcus Christie <machrist@iu.edu> Fri Jan 22 16:51:16 2021 -0500
committer: Marcus Christie <machrist@iu.edu> Fri Jan 22 16:51:16 2021 -0500
tree: 43b8986f920fa826e9a00f776a49bfcbbea7799a
parent: e6dc2231566c9d206cb70eb566cbbf65c60350ee [diff]
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index c819c14..007b448 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml

@@ -251,6 +251,16 @@
   become: yes
   when: ansible_os_family == "RedHat"
 
+# some Python libraries want to write files to /tmp and execute them, see
+# https://bugzilla.redhat.com/show_bug.cgi?id=645193 for more details
+- name: Allow Django code to exec in tmp directory
+  seboolean:
+    name: httpd_tmp_exec
+    state: yes
+    persistent: yes
+  become: yes
+  when: ansible_os_family == "RedHat"
+
 - name: run restorecon on those directories
   command: restorecon -F -R {{ doc_root_dir }}
   become: yes
commit	6663206a81ddb1794e5ba09b09c0ca001a99c9b8	[log] [tgz]
author	Marcus Christie <machrist@iu.edu>	Fri Jan 22 16:51:16 2021 -0500
committer	Marcus Christie <machrist@iu.edu>	Fri Jan 22 16:51:16 2021 -0500
tree	43b8986f920fa826e9a00f776a49bfcbbea7799a
parent	e6dc2231566c9d206cb70eb566cbbf65c60350ee [diff]