Default global option for stats socket incompatible with SELinux defaults #524

Closed
@kvisle

Describe the Bug

The default location of the stats socket is not legal in default SELinux, thus preventing haproxy from starting by default.

Expected Behavior

The stats socket to be put in a legal location:

[root@acme01 ~]# semanage fcontext -l | grep haproxy | grep socket
/var/run/haproxy\.sock.*                           socket             system_u:object_r:haproxy_var_run_t:s0

Steps to Reproduce

Steps to reproduce the behavior:

  1. Include the haproxy module on a system running SELinux (that is enforcing)
  2. Watch haproxy fail to start:

     Jul 01 08:47:13 acme01.acme.org haproxy[5649]: [NOTICE]   (5649) : haproxy version is 2.4.7-b5e51a5
     Jul 01 08:47:13 acme01.acme.org haproxy[5649]: [NOTICE]   (5649) : path to executable is /usr/sbin/haproxy
     Jul 01 08:47:13 acme01.acme.org haproxy[5649]: [ALERT]    (5649) : Starting frontend GLOBAL: error when trying to preserve previous UNIX socket (Permission denied) [/var/lib/haproxy/stats]
     Jul 01 08:47:13 acme01.acme.org haproxy[5649]: [ALERT]    (5649) : [/usr/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.

Environment

  • haproxy module v6.3.0
  • Rocky Linux 8
  • Puppet 6.27.0

Additional Context

Add any other context about the problem here.
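
A pre-deployment check for the mismatch reported above, as an added example that is not part of the original issue or of the haproxy module: it compares each `stats socket` path in a configuration against the socket rules listed by `semanage fcontext -l`. The function names and the configuration fragments are constructed for illustration; it assumes `haproxy_var_run_t` is the wanted label, as in the issue, and matches only the listed regexes (path equivalences such as `/var/run` to `/run` are not resolved).

```python
import re

# Rule copied from the `semanage fcontext -l` output quoted in the issue.
FCONTEXT_SAMPLE = r"""
/var/run/haproxy\.sock.*                           socket             system_u:object_r:haproxy_var_run_t:s0
"""

# Constructed haproxy.cfg fragments: the path from the ALERT line, and a path the rule covers.
CFG_FAILING = """
global
    stats socket /var/lib/haproxy/stats mode 600 level admin
"""
CFG_ALLOWED = """
global
    stats socket /var/run/haproxy.sock mode 600 level admin
"""

def parse_fcontext(text):
    """Return (compiled_regex, file_class, selinux_type) for each rule line."""
    rules = []
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) != 3 or not cols[0].startswith("/"):
            continue  # header, blank line or equivalence entry
        pattern, file_class, context = cols
        # context is user:role:type:level; the type is the third field
        rules.append((re.compile(pattern), file_class, context.split(":")[2]))
    return rules

def stats_sockets(cfg_text):
    """Paths of UNIX stats sockets declared in an haproxy configuration."""
    found = re.findall(r"^\s*stats\s+socket\s+(\S+)", cfg_text, re.MULTILINE)
    return [p for p in found if p.startswith("/")]  # skip TCP listeners

def unlabelled_sockets(cfg_text, fcontext_text, wanted="haproxy_var_run_t"):
    """Stats socket paths that no socket rule of type `wanted` covers."""
    rules = parse_fcontext(fcontext_text)
    def covered(path):
        # SELinux file-context regexes are anchored, hence fullmatch.
        return any(rx.fullmatch(path) and cls in ("socket", "all files")
                   and typ == wanted for rx, cls, typ in rules)
    return [p for p in stats_sockets(cfg_text) if not covered(p)]

if __name__ == "__main__":
    print(unlabelled_sockets(CFG_FAILING, FCONTEXT_SAMPLE))
```

On a real host, feed it the contents of the rendered haproxy.cfg and the full `semanage fcontext -l` output instead of the embedded samples.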
