From e80087df93775b8ea16fbecef8946682e5ba6479 Mon Sep 17 00:00:00 2001
From: Bas <bas.meijer@enexis.nl>
Date: Wed, 24 Dec 2025 12:10:31 +0100
Subject: [PATCH] Fix for #12435 - setting timezone under SELinux. (#12436)

Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
---
 .../tasks/0081-ntp-configurations.yml         | 27 ++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
index 7d41224a3..2bd5bc397 100644
--- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
@@ -74,8 +74,33 @@
     - not is_fedora_coreos
     - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
 
-- name: Set timezone
+- name: Gather selinux facts
+  ansible.builtin.setup:
+    gather_subset: selinux
+  when:
+    - ntp_timezone
+    - ansible_os_family == "RedHat"
+
+- name: Put SELinux in permissive mode, logging actions that would be blocked.
+  ansible.posix.selinux:
+    policy: targeted
+    state: permissive
+  when:
+    - ntp_timezone
+    - ansible_os_family == "RedHat"
+    - ansible_facts.selinux.mode == 'enforcing'
+
+- name: Set ntp_timezone
   community.general.timezone:
     name: "{{ ntp_timezone }}"
   when:
     - ntp_timezone
+
+- name: Re-enable SELinux
+  ansible.posix.selinux:
+    policy: targeted
+    state: "{{ preinstall_selinux_state }}"
+  when:
+    - ntp_timezone
+    - ansible_os_family == "RedHat"
+    - ansible_facts.selinux.status == 'enabled'