Idempotentifies "Add SEmodule to fix SELinux issue: zabbix_alerter.sock" task for Zabbix Server #1433

Open
wants to merge 13 commits into base: main

Conversation

tux-repos

SUMMARY

The way SELinux was initially applied resulted in a "CHANGED" every time the task was executed.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

zabbix_server

ADDITIONAL INFORMATION

Originally the SELinux context was applied using a .bsx file, which seems to be some sort of self-extracting shell script.
I have taken the steps that were used in that file and translated them into Ansible tasks; this also makes the play more transparent and idempotent.

With a little bit of elbow grease, you could apply these same steps to #1340 and resolve that issue, as it stems from the same cause.
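The pattern the PR describes, building and loading a custom SELinux module from a .te source in a way that only reports "changed" when something actually changed, as an added example written for this page (not the PR's own tasks and not code from the collection). The source path, the destination under /usr/share/selinux/packages and the module name zabbix_policy are assumptions:

```yaml
# Added example, not the PR's own tasks: build and load a custom SELinux policy
# module from a .te source without reporting "changed" on every run.
# Paths, the role's files/ layout and the module name are assumptions.
- name: Ensure the SELinux policy build tools are installed
  ansible.builtin.package:
    name:
      - checkpolicy       # provides checkmodule
      - policycoreutils   # provides semodule and semodule_package
    state: present

- name: Install the policy source (copy reports changed only when the content differs)
  ansible.builtin.copy:
    src: zabbix_policy.te                                # assumed: files/zabbix_policy.te in the role
    dest: /usr/share/selinux/packages/zabbix_policy.te   # assumed destination
    owner: root
    group: root
    mode: "0644"
  register: zabbix_te

- name: Check whether a compiled package already exists
  ansible.builtin.stat:
    path: /usr/share/selinux/packages/zabbix_policy.pp
  register: zabbix_pp

- name: Compile and package the module only when the source changed or no package exists
  ansible.builtin.shell:
    cmd: >
      checkmodule -M -m -o zabbix_policy.mod zabbix_policy.te &&
      semodule_package -o zabbix_policy.pp -m zabbix_policy.mod
    chdir: /usr/share/selinux/packages
  when: zabbix_te.changed or not zabbix_pp.stat.exists

- name: List the loaded modules (read-only query, must never count as a change)
  ansible.builtin.command:
    cmd: semodule -l
  register: semodule_list
  changed_when: false
  check_mode: false

# "semodule -l" prints either "name" or "name<TAB>version" depending on the
# policycoreutils version; strip everything after the first whitespace so
# both formats compare against the bare module name.
- name: Load the module only when it is missing or the source changed
  ansible.builtin.command:
    cmd: semodule -i /usr/share/selinux/packages/zabbix_policy.pp
  when: >-
    zabbix_te.changed or
    'zabbix_policy' not in (semodule_list.stdout_lines | map('regex_replace', '\s.*$', '') | list)
```

The two details that remove the spurious "CHANGED" are the `changed_when: false` on the listing task, so a read-only query is never counted as a change, and the `when:` on the `semodule -i` task, so the module is only (re)loaded when the copied source differs or the module is not yet present. A self-extracting script run unconditionally through a command task has neither, which is why it reported a change on every run.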

eb4x (Collaborator) commented Dec 19, 2024

I've been meaning to get around to that annoying compiled SELinux file, because I'm not that fond of it either. If you've reversed its content and it's represented in the .te file you provided, maybe we should just drop this part completely and install the zabbix-selinux-policy package from Zabbix themselves?

https://www.zabbix.com/documentation/current/en/manual/installation/install_from_packages/rhel#selinux-configuration

I've just held off on this because it might break the original contributor's setup, but the contents of zabbix-selinux-policy seem to have most of it covered, provided here for convenience:

module zabbix_policy 1.2;
require {
  type zabbix_t;
  type zabbix_port_t;
  type zabbix_var_run_t;
  type postgresql_port_t;
  type httpd_t;
  class tcp_socket name_connect;
  class sock_file { create unlink };
  class unix_stream_socket connectto;
}
#============= zabbix_t ==============
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_port_t:tcp_socket name_connect;
allow zabbix_t zabbix_var_run_t:sock_file create;
allow zabbix_t zabbix_var_run_t:sock_file unlink;
#============= httpd_t ==============
allow httpd_t zabbix_port_t:tcp_socket name_connect;
allow httpd_t postgresql_port_t:tcp_socket name_connect;

Curious to know what @pyrodie18 and @BGmot think?
