From 5fcc2a80e5ab8402989ddde9d6e25236bf262713 Mon Sep 17 00:00:00 2001
From: Martin Pitt
Date: Fri, 6 Dec 2024 14:28:38 +0100
Subject: [PATCH] ansible: Fix podman socket SELinux context on AWS

On Fedora CoreOS, SELinux wants the socket path in /run, while on Fedora 40 (on our PSI runners) it wants to go via /var/run. Specify both paths so that it works everywhere.
---
 ansible/roles/tasks-systemd/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/tasks-systemd/tasks/main.yml b/ansible/roles/tasks-systemd/tasks/main.yml
index 9f9c7306..a1705f5f 100644
--- a/ansible/roles/tasks-systemd/tasks/main.yml
+++ b/ansible/roles/tasks-systemd/tasks/main.yml
@@ -10,7 +10,7 @@
 dest: /tmp/cockpituous.fc
 mode: 0644
 content: |
- /var/run/podman/podman.sock system_u:object_r:container_file_t:s0
+ {,/var}/run/podman/podman.sock system_u:object_r:container_file_t:s0
 register: selinux_policy_fc

 - name: Create custom SELinux policy type enforcements
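Review bot: The new path spec `{,/var}/run/podman/podman.sock` uses shell brace syntax, but SELinux file-context entries are matched as regular expressions, so as far as I can tell the braces are not expanded and the entry would only match a path that literally contains `{,/var}`. If that holds, neither /run nor /var/run gets `container_file_t` from this line; `(/var)?/run/podman/podman\.sock system_u:object_r:container_file_t:s0` (or two separate entries) would express the intent, and escaping the dot keeps the match exact. Since this label is presumably what lets containers reach the podman socket, a comment above the entry saying so and why both prefixes are needed would help, and running `matchpathcon` on both paths after the module is loaded would confirm the result on each host type. The copy task starts above the hunk, so how the file is compiled and installed is not visible here.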