make policy only be required if state is not disabled #1388

Merged
merged 1 commit into from
Oct 19, 2012
34 changes: 23 additions & 11 deletions library/selinux
Expand Up @@ -28,8 +28,8 @@ version_added: "0.7"
options:
policy:
description:
- "name of the SELinux policy to use (example: 'targeted')"
required: true
- "name of the SELinux policy to use (example: 'targeted') will be required if state is not 'disabled'"
required: false
default: null
state:
description:
Expand All @@ -44,11 +44,12 @@ options:
default: "/etc/selinux/config"
examples:
- code: selinux policy=targeted state=enforcing
- code: selinux policy=targeted state=disabled
- code: selinux policy=targeted state=permissive
- code: selinux state=disabled
notes:
- Not tested on any debian based system
requirements: [ ]
author: Derek Carter
requirements: [ libselinux-python ]
author: Derek Carter <goozbach@friocorte.com>
'''

import os
Expand Down Expand Up @@ -101,7 +102,7 @@ def set_state(state):
pass
else:
msg = 'trying to set invalid runtime state %s' % state
fail_json(msg=msg)
module.fail_json(msg=msg)

def set_config_policy(policy, configfile):
# edit config file with state value
Expand All @@ -117,11 +118,11 @@ def set_config_policy(policy, configfile):

def main():
if (not HAVE_SELINUX):
fail_json(msg='python-selinux required for this module')
module.fail_json(msg='python-selinux required for this module')

module = AnsibleModule(
argument_spec = dict(
policy=dict(required=True),
policy=dict(required=False),
state=dict(choices=['enforcing', 'permissive', 'disabled'], required=True),
configfile=dict(aliases=['conf','file'], default='/etc/selinux/config')
)
Expand All @@ -145,6 +146,14 @@ def main():
config_policy = get_config_policy(configfile)
config_state = get_config_state(configfile)

# check to see if policy is set if state is not 'disabled'
if (state != 'disabled'):
if (policy == '' or policy == None):
module.fail_json(msg='policy is required if state is not \'disabled\'')
else:
if (policy == '' or policy == None):
policy = config_policy

# check changed values and run changes
if (policy != runtime_policy):
# cannot change runtime policy
Expand All @@ -158,10 +167,13 @@ def main():

if (state != runtime_state):
if (state == 'disabled'):
msgs.append('disabled state will take effect next reboot')
msgs.append('state change will take effect next reboot')
else:
msgs.append('runtime state changed from \'%s\' to \'%s\'' % (runtime_state, state))
set_state(state)
if (runtime_enabled):
set_state(state)
msgs.append('runtime state changed from \'%s\' to \'%s\'' % (runtime_state, state))
else:
msgs.append('state change will take effect next reboot')
changed=True

if (state != config_state):
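Review bot: In `main()`, the new `module.fail_json(msg='python-selinux required for this module')` call sits before `module = AnsibleModule(...)` is assigned, so on a host without the selinux bindings the module would most likely abort with an unbound-name traceback instead of returning a clean JSON failure. Moving the `if (not HAVE_SELINUX):` check to just after the `AnsibleModule(...)` construction fixes this. `set_state()` now also calls `module.fail_json`, yet no `module` parameter or global declaration is visible in these hunks, so its invalid-state error path may fail the same way; passing `module` in explicitly would make the dependency visible. As a smaller point, `policy == None` in the new policy check is better written `policy is None`. Both function bodies extend beyond the hunks shown, so this should be confirmed against the full file.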