path: root/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
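# Probe the host for a working SELinux: the task succeeds only when getenforce
# is on PATH and reports Enforcing or Permissive. A "Disabled" result or a
# missing binary makes the task fail, and the later tasks in this file key off
# `selinux_state is success` to decide which fact values to expect.
- name: check selinux config
  shell: |
    command -v getenforce &&
    getenforce | grep -E 'Enforcing|Permissive'
  # Read-only probe, so never report a change.
  changed_when: false
  # Failure is an expected outcome here (SELinux absent or disabled), not an error.
  ignore_errors: true
  register: selinux_state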

# Gather only the selinux fact subset: '!all' and '!any' switch off the other
# collectors so the registered result reflects the selinux collector alone.
- name: explicitly collect selinux facts
  setup:
    gather_subset: ['!all', '!any', selinux]
  register: selinux_facts

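# Work out the policy type the host is configured with, so the gathered fact
# can be compared against it. Stays "unknown" when nothing could be read.
- name: default the expected selinux policy type
  set_fact:
    selinux_policytype: "unknown"

- name: check selinux policy type
  # The pipeline's exit status is cut's, so a missing file or missing key can
  # still "succeed" with empty output; the stdout_lines check on the next task
  # is what actually guards the override.
  shell: grep '^SELINUXTYPE=' /etc/selinux/config | cut -d'=' -f2
  # Read-only lookup, so never report a change.
  changed_when: false
  ignore_errors: true
  register: r

- name: record the policy type read from /etc/selinux/config
  set_fact:
    # Only the first matching line is used; trim drops surrounding whitespace.
    selinux_policytype: "{{ r.stdout_lines[0] | trim }}"
  when: r is success and r.stdout_lines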

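# Cross-check the gathered facts against what the host itself reported.
# Each conditional assertion collapses to True when its precondition does not
# apply, so only the checks matching the probed state are enforced.
- name: verify selinux facts match the probed state
  assert:
    that:
    # Fact gathering must succeed and must produce the ansible_selinux key.
    - selinux_facts is success and selinux_facts.ansible_facts.ansible_selinux is defined
    # Probe failed: the fact must not claim SELinux is enabled. Note that
    # 'Missing selinux Python library' is accepted too, so this branch cannot
    # tell a disabled host from one that merely lacks the bindings.
    - (selinux_facts.ansible_facts.ansible_selinux.status in ['disabled', 'Missing selinux Python library'] if selinux_state is not success else True)
    # Probe succeeded: status, mode and policy type must all agree with the host.
    - (selinux_facts.ansible_facts.ansible_selinux.status == 'enabled' if selinux_state is success else True)
    - (selinux_facts.ansible_facts.ansible_selinux.mode in ['enforcing', 'permissive'] if selinux_state is success else True)
    - (selinux_facts.ansible_facts.ansible_selinux.type == selinux_policytype if selinux_state is success else True)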

# The tasks in selinux.yml are included only when the getenforce probe
# succeeded, i.e. the host reported Enforcing or Permissive.
- name: run selinux tests
  include_tasks: selinux.yml
  when: selinux_state is success