This commit is contained in:
parent
aad6658d0c
commit
6d70ac83d6
@ -1,4 +1,6 @@
|
|||||||
---
|
---
|
||||||
selinux_enabled: True
|
selinux_packages:
|
||||||
|
- policycoreutils-python
|
||||||
|
|
||||||
selinux_policy: "targeted"
|
selinux_policy: "targeted"
|
||||||
selinux_state: "permissive"
|
selinux_state: "{{ ansible_selinux.config_mode }}"
|
||||||
|
|||||||
@ -12,4 +12,3 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|||||||
def test_selinux_setup(host):
|
def test_selinux_setup(host):
|
||||||
assert host.command.check_output("/usr/sbin/getenforce") == "Enforcing"
|
assert host.command.check_output("/usr/sbin/getenforce") == "Enforcing"
|
||||||
assert host.package("policycoreutils-python").is_installed
|
assert host.package("policycoreutils-python").is_installed
|
||||||
assert host.file("/.autorelabel").exists
|
|
||||||
|
|||||||
@ -1,5 +1,15 @@
|
|||||||
---
|
---
|
||||||
|
- name: Set current selinux policy
|
||||||
|
set_fact:
|
||||||
|
selinux_current: "{{ ansible_selinux.config_mode }}"
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
- name: Install dependencies
|
||||||
|
package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
loop: "{{ selinux_packages }}"
|
||||||
|
|
||||||
- name: Set selinux policy
|
- name: Set selinux policy
|
||||||
selinux:
|
selinux:
|
||||||
policy: "{{ selinux_policy }}"
|
policy: "{{ selinux_policy }}"
|
||||||
@ -12,6 +22,7 @@
|
|||||||
state: touch
|
state: touch
|
||||||
when:
|
when:
|
||||||
- selinux_state == "enforcing"
|
- selinux_state == "enforcing"
|
||||||
|
- selinux_current == "disabled"
|
||||||
- __sestatus.changed
|
- __sestatus.changed
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user