From 6d70ac83d66d2ebde104a409f8de5c9a9e1b8c3e Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 19 Oct 2019 15:34:22 +0200
Subject: [PATCH] small refactoring
---
 defaults/main.yml | 6 ++++--
 molecule/default/tests/test_default.py | 1 -
 tasks/setup.yml | 11 +++++++++++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 179b602..97ee6de 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,6 @@
 ---
-selinux_enabled: True
+selinux_packages:
+ - policycoreutils-python
+
 selinux_policy: "targeted"
-selinux_state: "permissive"
+selinux_state: "{{ ansible_selinux.config_mode }}"
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index e51f364..e0f84b3 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -12,4 +12,3 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def test_selinux_setup(host):
 assert host.command.check_output("/usr/sbin/getenforce") == "Enforcing"
 assert host.package("policycoreutils-python").is_installed
- assert host.file("/.autorelabel").exists
diff --git a/tasks/setup.yml b/tasks/setup.yml
index 8f9b488..999ca1a 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -1,5 +1,15 @@
 ---
+- name: Set current selinux policy
+ set_fact:
+ selinux_current: "{{ ansible_selinux.config_mode }}"
+
 - block:
+ - name: Install dependencies
+ package:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ selinux_packages }}"
+
 - name: Set selinux policy
 selinux:
 policy: "{{ selinux_policy }}"
@@ -12,6 +22,7 @@
 state: touch
 when:
 - selinux_state == "enforcing"
+ - selinux_current == "disabled"
 - __sestatus.changed
 become: True
 become_user: root
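Review bot: The new default `selinux_state: "{{ ansible_selinux.config_mode }}"` reads the fact with no fallback, and the added `set_fact` task in tasks/setup.yml repeats the same lookup. As far as I know the `ansible_selinux` fact carries only a `status` key when SELinux is disabled on the host or the Python bindings are missing, so on exactly the hosts the later `selinux_current == "disabled"` check targets, the template would be undefined and the play would fail. A guarded lookup such as `selinux_current: "{{ ansible_selinux.config_mode | default('disabled') }}"` keeps the role running, and the default here needs an equivalent guard or an explicit value. A comment should also state that the default now preserves whatever mode the host already has, so a permissive or disabled host stays that way unless `selinux_state` is set explicitly.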
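Review bot: The added "Install dependencies" task loops over `selinux_packages` one item at a time, which runs the package manager once per entry. The `package` module accepts a list, so `name: "{{ selinux_packages }}"` with the `loop:` line dropped installs everything in one transaction and is the usual form. The block this task belongs to continues outside the hunk.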
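Review bot: With `selinux_current == "disabled"` added next to `selinux_state == "enforcing"`, the `state: touch` task (presumably the `/.autorelabel` marker; the task starts outside the hunk) fires only on a direct disabled-to-enforcing change. Files created while SELinux was disabled carry no labels, so a host moved from disabled to permissive and later from permissive to enforcing is never relabelled and ends up enforcing against unlabelled files. Relabelling whenever the host leaves the disabled state closes that path: replace the first condition with `- selinux_state != "disabled"`.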