From 9cbbc3f63052bef0b6a697e066e092a5f9722ce8 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Mon, 22 Feb 2021 17:11:05 -0800 Subject: [PATCH] Patch23: selinux-ansible-test-issues.diff --- .sanity-ansible-ignore-2.10.txt | 2 ++ .sanity-ansible-ignore-2.9.txt | 2 ++ library/selogin.py | 26 ++++++++++----------- tests/setup_module_utils.sh | 41 --------------------------------- 4 files changed, 16 insertions(+), 55 deletions(-) create mode 100644 .sanity-ansible-ignore-2.10.txt create mode 100644 .sanity-ansible-ignore-2.9.txt delete mode 100755 tests/setup_module_utils.sh diff --git a/.sanity-ansible-ignore-2.10.txt b/.sanity-ansible-ignore-2.10.txt new file mode 100644 index 0000000..5f8ce1e --- /dev/null +++ b/.sanity-ansible-ignore-2.10.txt @@ -0,0 +1,2 @@ +plugins/modules/selogin.py no-get-exception +plugins/modules/selogin.py validate-modules!skip diff --git a/.sanity-ansible-ignore-2.9.txt b/.sanity-ansible-ignore-2.9.txt new file mode 100644 index 0000000..5f8ce1e --- /dev/null +++ b/.sanity-ansible-ignore-2.9.txt @@ -0,0 +1,2 @@ +plugins/modules/selogin.py no-get-exception +plugins/modules/selogin.py validate-modules!skip diff --git a/library/selogin.py b/library/selogin.py index b785c27..6e3fd32 100644 --- a/library/selogin.py +++ b/library/selogin.py @@ -15,6 +15,9 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +from __future__ import absolute_import, division, print_function + +__metaclass__ = type ANSIBLE_METADATA = { "status": ["preview"], @@ -22,13 +25,14 @@ ANSIBLE_METADATA = { "version": "1.0", } -DOCUMENTATION = """ +DOCUMENTATION = r""" --- module: selogin short_description: Manages linux user to SELinux user mapping description: - - Manages linux user to SELinux user mapping -version_added: "1.0" + - "WARNING: Do not use this module directly! It is only for role internal use." + - Manages linux user to SELinux user mapping +version_added: '1.0' options: login: description: @@ -41,8 +45,7 @@ options: required: true default: null serange: - description: - - >- + description: > MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping - defaults to the SELinux user record range. required: false @@ -62,8 +65,9 @@ notes: - The changes are persistent across reboots - Not tested on any debian based system requirements: [ 'libselinux-python', 'policycoreutils-python' ] -author: Dan Keder -author: Petr Lautrbach +author: + - Dan Keder (@dkeder) + - Petr Lautrbach (@bachradsusi) """ EXAMPLES = """ @@ -82,7 +86,7 @@ EXAMPLES = """ # Assign all users in the engineering group to the staff_u user - selogin: - login: %engineering + login: "%engineering" seuser: staff_u state: present """ @@ -198,9 +202,6 @@ def semanage_login_add(module, login, seuser, do_reload, serange="s0", sestore=" except KeyError: e = get_exception() module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e))) - except OSError: - e = get_exception() - module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e))) except RuntimeError: e = get_exception() module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e))) @@ -248,9 +249,6 @@ def semanage_login_del(module, login, seuser, do_reload, sestore=""): except KeyError: e = get_exception() module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e))) - except OSError: - e = get_exception() - module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e))) except RuntimeError: e = get_exception() module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e))) diff --git a/tests/setup_module_utils.sh b/tests/setup_module_utils.sh deleted file mode 100755 index 94d102d..0000000 --- a/tests/setup_module_utils.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: MIT - -set -euo pipefail - -if [ -n "${DEBUG:-}" ] ; then - set -x -fi - -if [ ! -d "${1:-}" ] ; then - echo Either ansible is not installed, or there is no ansible/module_utils - echo in "$1" - Skipping - exit 0 -fi - -if [ ! -d "${2:-}" ] ; then - echo Role has no module_utils - Skipping - exit 0 -fi - -# we need absolute path for $2 -absmoddir=$( readlink -f "$2" ) - -# clean up old links to module_utils -for item in "$1"/* ; do - if lnitem=$( readlink "$item" ) && test -n "$lnitem" ; then - case "$lnitem" in - *"${2}"*) rm -f "$item" ;; - esac - fi -done - -# add new links to module_utils -for item in "$absmoddir"/* ; do - case "$item" in - *__pycache__) continue;; - *.pyc) continue;; - esac - bnitem=$( basename "$item" ) - ln -s "$item" "$1/$bnitem" -done -- 2.26.2