aboutsummaryrefslogtreecommitdiff
path: root/roles/webserver
diff options
context:
space:
mode:
authorJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-17 22:53:41 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-17 22:53:41 +0100
commit701b0d2eb11e7457a26d21d351f83780b7214a58 (patch)
tree9a0bde0e08e20a262b62f46f707372847514aed5 /roles/webserver
parenta1f9766263eb96c52980c8ae09a089630388a21c (diff)
downloadansible-memzero-701b0d2eb11e7457a26d21d351f83780b7214a58.tar.gz
ansible-memzero-701b0d2eb11e7457a26d21d351f83780b7214a58.zip
nginx: relabe www selinux shared ctx
Diffstat (limited to 'roles/webserver')
-rw-r--r--roles/webserver/tasks/main.yml3
1 files changed, 2 insertions, 1 deletions
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index 6f97c60..e2624c4 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -26,7 +26,8 @@
volumes:
# Use 'Z' to privately relable selinux contexts.
- "{{ DATA_ROOT }}/nginx/user_conf.d:/etc/nginx/user_conf.d:ro,Z"
- - "{{ DATA_ROOT }}/nginx/www:/www:ro,Z"
+ # Use 'z' to shared-ly relable selinux contexts.
+ - "{{ DATA_ROOT }}/nginx/www:/www:ro,z"
# All services run in rootless-podman and nginx is the only entry point from
# the outside acting as webserver and reverse proxy.