From 0cb32a7b304e97b5ee04d8d3fa32d2f09302d837 Mon Sep 17 00:00:00 2001
From: ekultails <ekultails@gmail.com>
Date: Tue, 29 Nov 2016 08:54:05 -0500
Subject: add correct SELinux file context for crontabs (#4511) (#4595)

---
 system/cron.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/system/cron.py b/system/cron.py
index 9dd5b5c9..b747a8cf 100644
--- a/system/cron.py
+++ b/system/cron.py
@@ -233,6 +233,12 @@ import tempfile
 import platform
 import pipes
 
+try:
+    import selinux
+    HAS_SELINUX = True
+except ImportError:
+    HAS_SELINUX = False
+
 CRONCMD = "/usr/bin/crontab"
 
 class CronTabError(Exception):
@@ -334,6 +340,10 @@ class CronTab(object):
             if rc != 0:
                 self.module.fail_json(msg=err)
 
+        # set SELinux permissions
+        if HAS_SELINUX:
+            selinux.selinux_lsetfilecon_default(self.cron_file)
+
     def do_comment(self, name):
         return "%s%s" % (self.ansible, name)
 
-- 
cgit v1.2.1