From 46c2ba7a0ff561e37368b47832cbfa694bdd9ccb Mon Sep 17 00:00:00 2001
From: Christopher Palmer-Richez <tofu.git@chorky.net>
Date: Thu, 1 Aug 2024 11:51:08 -0400
Subject: [PATCH] Add permissions to backup files.

---
 roles/uki_config/tasks/main.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/roles/uki_config/tasks/main.yaml b/roles/uki_config/tasks/main.yaml
index 469dbc7..3088ecd 100644
--- a/roles/uki_config/tasks/main.yaml
+++ b/roles/uki_config/tasks/main.yaml
@@ -317,6 +317,12 @@
           ansible.builtin.copy:
             content: "{{ ukify_config_backup.content | b64decode }}"
             dest: "{{ ukify_conf_path }}"
+            owner: root
+            group: root
+            mode: 0644
+            seuser: system_u
+            serole: object_r
+            setype: etc_t
           changed_when: false
 
         - name: Delete new ukify configuration file
@@ -335,6 +341,12 @@
           ansible.builtin.copy:
             content: "{{ dracut_config_backup.content | b64decode }}"
             dest: "{{ dracut_conf_path }}"
+            owner: root
+            group: root
+            mode: 0644
+            seuser: system_u
+            serole: object_r
+            setype: etc_t
           changed_when: false
 
         - name: Delete new dracut configuration file
@@ -342,6 +354,12 @@
           ansible.builtin.file:
             path: "{{ dracut_conf_path }}"
             state: absent
+            owner: root
+            group: root
+            mode: 0644
+            seuser: system_u
+            serole: object_r
+            setype: etc_t
           changed_when: false
 
     - name: Restore kernel-install config