From f8b7a321fc50dde73e697eb63b11d655fb24a330 Mon Sep 17 00:00:00 2001
From: Benjamin Blasco
Date: Thu, 5 May 2022 08:49:44 +1000
Subject: [PATCH] Added setting of seuser and selevel for completeness
Added setting of seuser and selevel for completeness
See Issue #106 "RFE: Support for setting seuser in selinux_fcontexts"
https://github.com/linux-system-roles/selinux/issues/106
Added explanation of seuser and selevel parameters
Added -F flag to restorecon to force reset
See "man restorecon" for more detail on -F flag
---
 README.md | 3 +++
 tasks/main.yml | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 581b5e0..f1aee98 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,9 @@ selinux_booleans:
 selinux_fcontexts:
 - { target: '/tmp/test_dir(/.*)?', setype: 'user_home_dir_t', ftype: 'd', state: 'present' }
 ```
+Users may also pass the following optional parameters:
+- `seuser`: to set the SELinux user
+- `selevel`: to set the MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.
 Individual modifications can be dropped by setting `state` to `absent`.
diff --git a/tasks/main.yml b/tasks/main.yml
index 83d4236..020a6e3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -69,17 +69,18 @@
 setype: "{{ item.setype }}"
 ftype: "{{ item.ftype | default('a') }}"
 state: "{{ item.state | default('present') }}"
- # FIXME: selevel, seuser
+ selevel: "{{ item.selevel | default(omit) }}"
+ seuser: "{{ item.seuser | default(omit) }}"
 with_items: "{{ selinux_fcontexts }}"
 - name: Restore SELinux labels on filesystem tree
- command: /sbin/restorecon -R -v {{ item }}
+ command: /sbin/restorecon -R -F -v {{ item }}
 with_items: "{{ selinux_restore_dirs }}"
 register: restorecon_cmd
 changed_when: '"Relabeled" in restorecon_cmd.stdout'
 - name: Restore SELinux labels on filesystem tree in check mode
- command: /sbin/restorecon -R -v -n {{ item }}
+ command: /sbin/restorecon -R -F -v -n {{ item }}
 with_items: "{{ selinux_restore_dirs }}"
 register: restorecon_cmd
 changed_when: '"Would relabel" in restorecon_cmd.stdout'
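Review bot: The `{{ item }}` on the two new `command:` lines is interpolated unquoted into a free-form string that the command module shell-splits, so an entry of `selinux_restore_dirs` containing whitespace reaches restorecon as several paths instead of one; `command: /sbin/restorecon -R -F -v {{ item | quote }}` (and `-R -F -v -n {{ item | quote }}` in the check-mode task) keeps each entry a single argument. Adding `-F` is also a behavioral change for every directory in `selinux_restore_dirs`, not only for files touched by the new `seuser`/`selevel` options: per restorecon(8) it forces the user, role and range portions of the context back to the file_context defaults, so any deliberately customized user or range label under those trees is overwritten on every run. A comment above the first command line such as `# -F also resets the seuser/role/range portions, not just the type -- see restorecon(8)` would record why the flag is there and warn maintainers of that side effect. The sefcontext task whose `setype`/`ftype`/`state` lines open the hunk starts outside it.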