SELinux Nginx socket write Ansible

nginx_socket_write.te

module nginx_socket_write 1.0;

require {
        type httpd_t;
        type var_t;
        type http_cache_port_t;
        class sock_file write;
        class tcp_socket name_connect;
}

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t http_cache_port_t:tcp_socket name_connect;

#!!!! This avc is allowed in the current policy
allow httpd_t var_t:sock_file write;

nginx_socket_write.yml

---
- name: "SELinux - allow nginx write to socket - check if module was loaded"
  shell: "semodule --list-modules | grep nginx_socket_write"
  register: nginx_socket_write_loaded
  ignore_errors: true

- name: "SELinux - allow nginx write to socket - copy type enforcement file"
  template:
      src: nginx_socket_write.te
      dest: /root/nginx_socket_write.te
      mode: 0644
  when: nginx_socket_write_loaded|failed

- name: "SELinux - allow nginx write to socket - checkmodule"
  command: "checkmodule -M -m -o nginx_socket_write.mod nginx_socket_write.te"
  args:
      chdir: /root
      creates: nginx_socket_write.mod
  when: nginx_socket_write_loaded|failed

- name: "SELinux - allow nginx write to socket - semodule_package"
  command: "semodule_package -o nginx_socket_write.pp -m nginx_socket_write.mod"
  args:
      chdir: /root
      creates: nginx_socket_write.pp
  when: nginx_socket_write_loaded|failed

- name: "SELinux - allow nginx write to socket - semodule install"
  command: "semodule -i nginx_socket_write.pp"
  when: nginx_socket_write_loaded|failed