Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added DOCUMENTATION to selinux module. #1165

Merged
merged 1 commit into from
Sep 30, 2012
Merged

Added DOCUMENTATION to selinux module. #1165

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
55 changes: 38 additions & 17 deletions library/selinux
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,17 +18,38 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.

# selinux module - change policy and state of SELinux
# usage:
#
# selinux policy=<SELINUX_POLICY> state=[enforcing|permissive|disabled] configfile=[SELINUX_CONFIG_FILE]
#
# configfile defaults to /etc/selinux/config
# policy files should be installed via the yum/apt modules
#
# bugs:
#
# Not tested on any debian based system
DOCUMENTATION = '''
---
module: selinux
short_description: Change policy and state of SELinux
description:
- Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
version_added: "0.7"
options:
policy:
description:
- "name of the SELinux policy to use (example: 'targeted')"
required: true
default: null
state:
description:
- The SELinux mode
required: true
default: null
choices: [ "enforcing", "permissive", "disabled" ]
conf:
description:
- path to the SELinux configuration file, if non-standard
required: false
default: "/etc/selinux/config"
examples:
- code: selinux policy=targeted state=enforcing
- code: selinux policy=targeted state=disabled
notes:
- Not tested on any debian based system
requirements: [ ]
author: Derek Carter
'''

import os
import re
Expand Down Expand Up @@ -84,7 +105,7 @@ def set_state(state):

def set_config_policy(policy, configfile):
# edit config file with state value
#SELINUXTYPE=targeted
#SELINUXTYPE=targeted
policyline='SELINUXTYPE=%s' % policy
myfile = open(configfile, "r")
lines = myfile.readlines()
Expand Down Expand Up @@ -128,26 +149,26 @@ def main():
if (policy != runtime_policy):
# cannot change runtime policy
msgs.append('reboot to change the loaded policy')
changed=True
changed=True

if (policy != config_policy):
msgs.append('config policy changed from \'%s\' to \'%s\'' % (config_policy, policy))
set_config_policy(policy, configfile)
changed=True
changed=True

if (state != runtime_state):
if (state == 'disabled'):
msgs.append('disabled state will take effect next reboot')
else:
msgs.append('runtime state changed from \'%s\' to \'%s\'' % (runtime_state, state))
set_state(state)
changed=True
changed=True

if (state != config_state):
msgs.append('config state changed from \'%s\' to \'%s\'' % (config_state, state))
set_config_state(state, configfile)
changed=True
changed=True

module.exit_json(changed=changed, msg=', '.join(msgs),
configfile=configfile,
policy=policy, state=state)
Expand Down