Diffstat (limited to 'test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml')
-rw-r--r-- | test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml b/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
new file mode 100644
index 0000000..1717239
--- /dev/null
+++ b/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
@@ -0,0 +1,38 @@
+- name: check selinux config
+ shell: |
+ command -v getenforce &&
+ getenforce | grep -E 'Enforcing|Permissive'
+ ignore_errors: yes
+ register: selinux_state
+
+- name: explicitly collect selinux facts
+ setup:
+ gather_subset:
+ - '!all'
+ - '!any'
+ - selinux
+ register: selinux_facts
+
+- set_fact:
+ selinux_policytype: "unknown"
+
+- name: check selinux policy type
+ shell: grep '^SELINUXTYPE=' /etc/selinux/config | cut -d'=' -f2
+ ignore_errors: yes
+ register: r
+
+- set_fact:
+ selinux_policytype: "{{ r.stdout_lines[0] }}"
+ when: r is success and r.stdout_lines
+
+- assert:
+ that:
+ - selinux_facts is success and selinux_facts.ansible_facts.ansible_selinux is defined
+ - (selinux_facts.ansible_facts.ansible_selinux.status in ['disabled', 'Missing selinux Python library'] if selinux_state is not success else True)
+ - (selinux_facts.ansible_facts.ansible_selinux.status == 'enabled' if selinux_state is success else True)
+ - (selinux_facts.ansible_facts.ansible_selinux.mode in ['enforcing', 'permissive'] if selinux_state is success else True)
+ - (selinux_facts.ansible_facts.ansible_selinux.type == selinux_policytype if selinux_state is success else True)
+
+- name: run selinux tests
+ include_tasks: selinux.yml
+ when: selinux_state is success |
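Review bot: The probe in `check selinux config` cannot tell "SELinux is disabled" from "`getenforce` is not installed" or any other shell failure, because all of them end up as `selinux_state is not success` under `ignore_errors: yes`. On such a host the assert accepts `'Missing selinux Python library'` and `selinux.yml` is skipped, so a run on an enforcing system that lacks the tooling would presumably pass without exercising the collector in enforcing mode at all. Consider `failed_when: false` plus `changed_when: false` on both shell tasks and deriving an explicit fact such as `selinux_enabled: "{{ selinux_state.rc == 0 }}"` for the later conditions, with a `debug` message when the SELinux tests are skipped so the gap is visible in CI output. Separately, `r is success` in the second `set_fact` likely never fails, since the pipeline's exit status is that of `cut`; the `r.stdout_lines` test is what actually guards the `[0]` lookup.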