From 28fbdff74b4531441e2588bc0d55bcc51c65e367 Mon Sep 17 00:00:00 2001
From: genofire <geno+ccc@fireorbit.de>
Date: Mon, 26 Oct 2020 23:31:57 +0100
Subject: [PATCH] Make HAProxy use its new chroot jail in /var/run/haproxy.

Fixes #19
---
 roles/haproxy/tasks/main.yml          | 8 ++++++++
 roles/haproxy/templates/global.cfg.j2 | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index 8e3bebc..e458f46 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -31,6 +31,14 @@
     opts: rw,size=128m,mode=750,uid=20000,gid=20000,late
     state: mounted
 
+- name: Create /var/run/haproxy
+  file:
+    path: /var/run/haproxy
+    state: directory
+    owner: root
+    group: wheel
+    mode: 0755
+
 - name: Create HAProxy service directories
   file:
     path: '/etc/s6-rc/service/{{ item }}'
diff --git a/roles/haproxy/templates/global.cfg.j2 b/roles/haproxy/templates/global.cfg.j2
index 58da31c..35a4216 100644
--- a/roles/haproxy/templates/global.cfg.j2
+++ b/roles/haproxy/templates/global.cfg.j2
@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 global
-        chroot		/var/empty
+        chroot		/var/run/haproxy
         log     	stdout format raw local0 info
         user    	haproxy
         group   	haproxy