From 9f163b2bf5c11c219240caaf32be8bcdea5e033c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 20 Dec 2018 15:21:45 +0200 Subject: [PATCH] Do not disable SELinux on RedHat systems It looks like SELinux can be left running without any (so far) negative effects on our Matrix services. There's no need to use `:z` or `:Z` options when mounting volumes either. This means that files we create are labeled with a default context (which may not be ideal if we only want them used from containers), but it's compatible and doesn't cause issues. Relabelling files is probably something we wish to stay away from, especially for things like the media store, which contains lots of files and is possibly on a fuse-mounted (S3/goofys) filesystem. --- roles/matrix-server/tasks/setup/setup_base.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/matrix-server/tasks/setup/setup_base.yml b/roles/matrix-server/tasks/setup/setup_base.yml index 20ba7a1fc..14c288d73 100644 --- a/roles/matrix-server/tasks/setup/setup_base.yml +++ b/roles/matrix-server/tasks/setup/setup_base.yml @@ -79,7 +79,3 @@ name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}" state: started enabled: yes - -- name: Ensure SELinux disabled - selinux: state=disabled - when: ansible_os_family == 'RedHat' \ No newline at end of file