---
# selinux_containers/tasks/storage.yml
- name: Set SELinux context for storage mounts
  become: true
  community.general.sefcontext:
    target: "{{ item }}(/.*)?"
    setype: container_file_t
    state: present
  loop: "{{ storage_backends }}"
  when: "'nas' in group_names"
  
- name: Apply SELinux context (storage)
  become: true
  command: restorecon -R -F -v "{{ item }}"
  loop: "{{ storage_backends }}"
  changed_when: false
  when: "'nas' in group_names"