From 0358919db8d589b9b57534d66958471294e0228b Mon Sep 17 00:00:00 2001
From: ekultails <ekultails@gmail.com>
Date: Tue, 29 Nov 2016 08:54:05 -0500
Subject: [PATCH] add correct SELinux file context for crontabs (#4511) (#4595)

---
 lib/ansible/modules/system/cron.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/ansible/modules/system/cron.py b/lib/ansible/modules/system/cron.py
index e3571a0a904..78492109ad6 100644
--- a/lib/ansible/modules/system/cron.py
+++ b/lib/ansible/modules/system/cron.py
@@ -233,6 +233,12 @@ import tempfile
 import platform
 import pipes
 
+try:
+    import selinux
+    HAS_SELINUX = True
+except ImportError:
+    HAS_SELINUX = False
+
 CRONCMD = "/usr/bin/crontab"
 
 class CronTabError(Exception):
@@ -334,6 +340,10 @@ class CronTab(object):
             if rc != 0:
                 self.module.fail_json(msg=err)
 
+        # set SELinux permissions
+        if HAS_SELINUX:
+            selinux.selinux_lsetfilecon_default(self.cron_file)
+
     def do_comment(self, name):
         return "%s%s" % (self.ansible, name)