diff --git a/changelogs/.gitignore b/changelogs/.gitignore
new file mode 100644
index 0000000000..6be6b5331d
--- /dev/null
+++ b/changelogs/.gitignore
@@ -0,0 +1 @@
+/.plugin-cache.yaml
diff --git a/changelogs/fragments/.empty b/changelogs/fragments/.empty
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/changelogs/fragments/23-selinux-doesnt-create-missing-config-keys b/changelogs/fragments/23-selinux-doesnt-create-missing-config-keys
new file mode 100644
index 0000000000..cd3278463b
--- /dev/null
+++ b/changelogs/fragments/23-selinux-doesnt-create-missing-config-keys
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - selinux - add missing configuration keys for /etc/selinux/config (https://github.com/ansible-collections/ansible.posix/issues/23)
diff --git a/plugins/modules/selinux.py b/plugins/modules/selinux.py
index 1e251b0744..7b2fbf7521 100644
--- a/plugins/modules/selinux.py
+++ b/plugins/modules/selinux.py
@@ -125,9 +125,15 @@ def set_config_state(module, state, configfile):
 tmpfd, tmpfile = tempfile.mkstemp()
 with open(tmpfile, "w") as write_file:
+ line_found = False
 for line in lines:
+ if re.match(r'^SELINUX=.*$', line):
+ line_found = True
 write_file.write(re.sub(r'^SELINUX=.*', stateline, line) + '\n')
+ if not line_found:
+ write_file.write('SELINUX=%s\n' % state)
+
 module.atomic_move(tmpfile, configfile)
@@ -155,9 +161,15 @@ def set_config_policy(module, policy, configfile):
 tmpfd, tmpfile = tempfile.mkstemp()
 with open(tmpfile, "w") as write_file:
+ line_found = False
 for line in lines:
+ if re.match(r'^SELINUXTYPE=.*$', line):
+ line_found = True
 write_file.write(re.sub(r'^SELINUXTYPE=.*', policyline, line) + '\n')
+ if not line_found:
+ write_file.write('SELINUXTYPE=%s\n' % policy)
+
 module.atomic_move(tmpfile, configfile)
diff --git a/tests/integration/targets/selinux/tasks/selinux.yml b/tests/integration/targets/selinux/tasks/selinux.yml
index 7fcba899cf..6771f323c0 100644
--- a/tests/integration/targets/selinux/tasks/selinux.yml
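Review bot: The new `re.match(r'^SELINUX=.*$', line)` check in `set_config_state` only recognises the key at column 0, so a line with leading whitespace counts as missing and a second `SELINUX=` line is appended, leaving two conflicting values in the file that sets the boot-time enforcement mode; which of the two is honoured depends on the consumer's parser, which is not visible here. Matching and substituting with one pattern keeps the two steps from disagreeing: `new_line, hits = re.subn(r'^\s*SELINUX=.*', stateline, line)`, then `line_found = line_found or hits > 0` and `write_file.write(new_line + '\n')`. The same applies to the `SELINUXTYPE` loop in the `set_config_policy` hunk. Both function bodies start above their hunks, so how `lines` is read is not visible.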
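Review bot: The loop added to `set_config_policy` is a line-for-line copy of the one added to `set_config_state`, differing only in the key name and the value, so any later fix to the find-or-append logic has to be made twice. A private helper that takes the key and value, for example `_write_config_key(module, key, value, configfile)`, would hold that logic once and reduce both functions to a single call. Its docstring should state that the key is appended at the end of the file when no existing line matches. `tmpfd` from `tempfile.mkstemp()` is not closed anywhere in the visible lines; that is worth confirming outside the hunk and, if it is indeed left open, closing in the same helper.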
+++ b/tests/integration/targets/selinux/tasks/selinux.yml
@@ -362,3 +362,79 @@
 - (_check_mode_test5.warnings | length ) >= 1
 - ansible_selinux.config_mode == 'disabled'
 - ansible_selinux.type == 'targeted'
+
+# Fifth Test
+# ##############################################################################
+# Remove SELINUX and SELINUXTYPE keys from /etc/selinux/config and make
+# sure the module re-adds the expected lines
+
+- name: TEST 5 | Remove SELINUX key from /etc/selinux/config
+ lineinfile:
+ path: /etc/selinux/config
+ regexp: '^SELINUX='
+ state: absent
+ backup: yes
+ register: _lineinfile_out1
+
+- debug:
+ var: _lineinfile_out1
+ verbosity: 1
+
+- name: TEST 5 | Set SELinux to enforcing
+ selinux:
+ state: enforcing
+ policy: targeted
+ register: _set_enforcing1
+
+- name: TEST 5 | Re-gather facts
+ setup:
+
+- debug:
+ var: ansible_selinux
+ verbosity: 1
+
+- name: TEST 5 | Assert that SELINUX key is populated
+ assert:
+ that:
+ - _set_enforcing1 is success
+ - _set_enforcing1 is changed
+ - _set_enforcing1.state == 'enforcing'
+ - ansible_selinux.config_mode == 'enforcing'
+
+- name: TEST 5 | Remove SELINUXTYPE key from /etc/selinux/config
+ lineinfile:
+ path: /etc/selinux/config
+ regexp: '^SELINUXTYPE='
+ state: absent
+ register: _lineinfile_out2
+
+- debug:
+ var: _lineinfile_out2
+ verbosity: 1
+
+- name: TEST 5 | Set SELinux Policy to targeted
+ selinux:
+ state: enforcing
+ policy: targeted
+ register: _set_policy2
+
+- name: TEST 5 | Re-gather facts
+ setup:
+
+- debug:
+ var: ansible_selinux
+ verbosity: 1
+
+- name: TEST 5 | Assert that SELINUXTYPE key is populated
+ assert:
+ that:
+ - _set_policy2 is success
+ - _set_policy2 is changed
+ - _set_policy2.policy == 'targeted'
+ - ansible_selinux.type == 'targeted'
+
+- name: TEST 5 | Restore original SELinux config file /etc/selinux/config
+ copy:
+ dest: /etc/selinux/config
+ src: "{{ _lineinfile_out1['backup'] }}"
+ remote_src: yes
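Review bot: The restore task at the end of TEST 5 only runs if every task before it succeeds, so a failed assertion leaves the test host with an edited `/etc/selinux/config`. Wrapping the TEST 5 tasks in a `block:` and moving the `copy` restore under `always:` makes the cleanup unconditional. The restore also depends on `_lineinfile_out1['backup']`, which I would expect to be absent when the first `lineinfile` task reports no change (for example if the key was already missing), so a `when: _lineinfile_out1.backup is defined` guard or an explicit up-front copy would be safer. Neither assertion checks that the key ends up in the file exactly once, or that a second run of the module reports no change.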