rhel-system-roles/SOURCES/selinux-tier1-tags.diff


diff --git a/tests/set_selinux_variables.yml b/tests/set_selinux_variables.yml
index f294101..7571066 100644
--- a/tests/set_selinux_variables.yml
+++ b/tests/set_selinux_variables.yml
@@ -1,4 +1,12 @@
---
+- name: Install SELinux tool semanage on Fedora
+ package:
+ name:
+ - policycoreutils-python-utils
+ state: present
+ when: ansible_distribution == "Fedora" or
+ ( ansible_distribution_major_version > "7" and
+ ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
- name: Get local modifications - boolean
command: /usr/sbin/semanage boolean -l -n -C
register: selinux_role_boolean
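Review bot: The added `when:` compares `ansible_distribution_major_version` with `"7"` as strings, so the comparison is lexical: `"10" > "7"` is false, and a CentOS or RHEL 10 host would skip the install of policycoreutils-python-utils. Unless the package is present by other means, the `/usr/sbin/semanage` commands that follow would then fail. A version-aware test avoids this, for example `ansible_distribution_major_version is version('8', '>=')` or `ansible_distribution_major_version | int > 7`. The same condition is repeated in the tests_all_purge.yml hunk and in the first tests_selinux_disabled.yml hunk. The task name still says "on Fedora" although the condition now also covers CentOS and RedHat.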
diff --git a/tests/tests_all_purge.yml b/tests/tests_all_purge.yml
index 03dfe05..c686837 100644
--- a/tests/tests_all_purge.yml
+++ b/tests/tests_all_purge.yml
@@ -14,7 +14,9 @@
name:
- policycoreutils-python-utils
state: present
- when: ansible_distribution == "Fedora"
+ when: ansible_distribution == "Fedora" or
+ ( ansible_distribution_major_version > "7" and
+ ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
- name: Add a Linux System Roles SELinux User
user:
diff --git a/tests/tests_all_transitions.yml b/tests/tests_all_transitions.yml
index f608a42..d0d209b 100644
--- a/tests/tests_all_transitions.yml
+++ b/tests/tests_all_transitions.yml
@@ -1,6 +1,8 @@
- name: Test all the possible selinux_state transitions
hosts: all
become: true
+ tags:
+ - 'tests::reboot'
vars:
states:
- permissive
diff --git a/tests/tests_boolean.yml b/tests/tests_boolean.yml
index 47eafc0..2aa0025 100644
--- a/tests/tests_boolean.yml
+++ b/tests/tests_boolean.yml
@@ -1,5 +1,6 @@
- name: Check if selinux role sets SELinux booleans
+ tags: tests::expfail
hosts: all
become: true
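Review bot: The `tags: tests::expfail` line added to this play has no comment saying why the SELinux boolean test is expected to fail. If the harness uses the tag to tolerate or skip failures (an assumption, since the harness is not shown here), a real regression in boolean handling would go unnoticed. A comment above the tag should name the reason and when to drop it, e.g. `# expected failure: <issue reference>; remove this tag once fixed`. The tag is also a bare scalar here while the other files in this patch use lists, so `tags: ['tests::expfail']` would be consistent. The play continues outside this hunk.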
@@ -12,7 +13,7 @@
selinux_booleans:
- { name: 'samba_enable_home_dirs', state: 'on', persistent: 'yes' }
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
- name: save state after initial changes and before other changes
set_fact:
boolean_before: "{{ selinux_role_boolean.stdout_lines }}"
diff --git a/tests/tests_fcontext.yml b/tests/tests_fcontext.yml
index 0a411fb..f6f1bf4 100644
--- a/tests/tests_fcontext.yml
+++ b/tests/tests_fcontext.yml
@@ -13,7 +13,7 @@
selinux_fcontexts:
- { target: '/tmp/test_dir1(/.*)?', setype: 'user_home_dir_t', ftype: 'd' }
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
- name: save state after initial changes and before other changes
set_fact:
fcontext_before: "{{ selinux_role_fcontext.stdout }}"
diff --git a/tests/tests_login.yml b/tests/tests_login.yml
index efa826d..c7ce462 100644
--- a/tests/tests_login.yml
+++ b/tests/tests_login.yml
@@ -18,7 +18,7 @@
- { login: 'sar-user', seuser: 'staff_u', serange: 's0-s0:c0.c1023', state: 'present' }
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
- name: save state after initial changes and before other changes
set_fact:
login_before: "{{ selinux_role_login.stdout }}"
diff --git a/tests/tests_port.yml b/tests/tests_port.yml
index 446f79d..7bb112e 100644
--- a/tests/tests_port.yml
+++ b/tests/tests_port.yml
@@ -29,7 +29,7 @@
selinux_ports:
- { ports: '22022', proto: 'tcp', setype: 'ssh_port_t', state: 'present' }
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
- name: save state after other changes
set_fact:
port_after: "{{ selinux_role_port.stdout }}"
diff --git a/tests/tests_selinux_disabled.yml b/tests/tests_selinux_disabled.yml
index afd23e4..706882f 100644
--- a/tests/tests_selinux_disabled.yml
+++ b/tests/tests_selinux_disabled.yml
@@ -18,7 +18,9 @@
name:
- policycoreutils-python-utils
state: present
- when: ansible_distribution == "Fedora"
+ when: ansible_distribution == "Fedora" or
+ ( ansible_distribution_major_version > "7" and
+ ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
- name: Add a Linux System Roles SELinux User
user:
@@ -67,17 +69,28 @@
assert:
that: "{{ ansible_selinux.config_mode == 'enforcing' }}"
msg: "SELinux config mode should be enforcing instead of {{ ansible_selinux.config_mode }}"
- - name: Restore original /etc/selinux/config
- copy:
- remote_src: true
- dest: /etc/selinux/config
- src: /etc/selinux/config.test_selinux_disabled
- - name: Remove /etc/selinux/config backup
- file:
- path: /etc/selinux/config.test_selinux_disabled
- state: absent
- - name: Remove Linux System Roles SELinux User
- user:
- name: sar-user
- remove: yes
- state: absent
+
+ - name: Cleanup
+ tags: [ 'tests::cleanup' ]
+ block:
+ - name: Restore original /etc/selinux/config
+ copy:
+ remote_src: true
+ dest: /etc/selinux/config
+ src: /etc/selinux/config.test_selinux_disabled
+
+ - name: Remove /etc/selinux/config backup
+ file:
+ path: /etc/selinux/config.test_selinux_disabled
+ state: absent
+
+ - name: Remove Linux System Roles SELinux User
+ user:
+ name: sar-user
+ remove: yes
+ state: absent
+
+ - import_role:
+ name: selinux
+ vars:
+ selinux_all_purge: true
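Review bot: The new Cleanup block is an ordinary `block:` placed after the test tasks, so it runs only if every earlier task succeeds. If the assert just above it fails, `/etc/selinux/config` is not restored from `/etc/selinux/config.test_selinux_disabled` and `sar-user` stays on the host, which can leave the machine in the SELinux mode the test configured. Putting the test tasks under a `block:` and these cleanup tasks under its `always:` section would make the restore unconditional, though it would need checking that the harness still selects the `tests::cleanup` tag as intended. The play starts outside this hunk and the page has lost its indentation, so it is not visible whether an outer `block`/`always` already exists or whether the trailing unnamed `import_role` belongs to the Cleanup block.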