Configuring SELinux

One of the packages we installed during the last section was policycoreutils-python. This allows us to configure SELinux using Python, and therefore Ansible.

Security-Enhanced Linux (SELinux) was developed by Red Hat and the NSA. It provides a mechanism for supporting access control security policies at the kernel level. These include mandatory access controls used by the United States Department of Defense.

By default, the Vagrant box we are using ships with SELinux enabled. Rather than disabling SELinux entirely, we can make the httpd_t domain permissive, which lets Apache serve content from outside its default /var/www/. To do this, we need to add the following to our role:

- name: set the selinux allowing httpd_t to be permissive
  selinux_permissive:
    name: httpd_t
    permissive: true

Now that Apache is allowed to serve content from our user directory, we can add an index.html file, so we have something other than the default Apache page to serve.
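Marking httpd_t permissive means SELinux logs denials for the whole Apache domain instead of blocking them, so the following added example (not from the book) shows a narrower alternative that keeps httpd_t enforcing and only labels the new document root. It assumes a hypothetical role variable, web_root, holding the path of the user directory being served, and that the seboolean and sefcontext modules are available alongside selinux_permissive.

```yaml
# Added example, not from the original text.
# web_root is a hypothetical variable (for instance set in the role's
# defaults); the page does not state the actual path.

- name: allow httpd to traverse user home directories
  seboolean:
    name: httpd_enable_homedirs
    state: true
    persistent: true

- name: record a file context rule labelling the document root as web content
  sefcontext:
    target: "{{ web_root }}(/.*)?"
    setype: httpd_sys_content_t
    state: present

- name: apply the label to files that already exist
  command: restorecon -Rv "{{ web_root }}"
  register: restorecon_result
  # restorecon -v prints one line per relabelled file, so empty output
  # means nothing changed
  changed_when: restorecon_result.stdout | length > 0

- name: keep the httpd_t domain in enforcing mode
  selinux_permissive:
    name: httpd_t
    permissive: false
```

If Apache still cannot read the content after these tasks, the denials recorded in /var/log/audit/audit.log show which type or boolean is missing.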
