blob: 7687223115f3591932ec6894c099aab78fd33aec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
- name: check selinux config
shell: |
command -v getenforce &&
getenforce | grep -E 'Enforcing|Permissive'
ignore_errors: yes
register: selinux_state
- name: explicitly collect selinux facts
setup:
gather_subset:
- '!all'
- '!any'
- selinux
register: selinux_facts
- set_fact:
selinux_policytype: "unknown"
- name: check selinux policy type
shell: grep '^SELINUXTYPE=' /etc/selinux/config | cut -d'=' -f2
ignore_errors: yes
register: r
- set_fact:
selinux_policytype: "{{ r.stdout_lines[0] | trim }}"
when: r is success and r.stdout_lines
- assert:
that:
- selinux_facts is success and selinux_facts.ansible_facts.ansible_selinux is defined
- (selinux_facts.ansible_facts.ansible_selinux.status in ['disabled', 'Missing selinux Python library'] if selinux_state is not success else True)
- (selinux_facts.ansible_facts.ansible_selinux.status == 'enabled' if selinux_state is success else True)
- (selinux_facts.ansible_facts.ansible_selinux.mode in ['enforcing', 'permissive'] if selinux_state is success else True)
- (selinux_facts.ansible_facts.ansible_selinux.type == selinux_policytype if selinux_state is success else True)
- name: run selinux tests
include_tasks: selinux.yml
when: selinux_state is success
|