165 lines
4.9 KiB
Diff
165 lines
4.9 KiB
Diff
From 9cbbc3f63052bef0b6a697e066e092a5f9722ce8 Mon Sep 17 00:00:00 2001
|
|
From: Noriko Hosoi <nhosoi@redhat.com>
|
|
Date: Mon, 22 Feb 2021 17:11:05 -0800
|
|
Subject: [PATCH] Patch23: selinux-ansible-test-issues.diff
|
|
|
|
---
|
|
.sanity-ansible-ignore-2.10.txt | 2 ++
|
|
.sanity-ansible-ignore-2.9.txt | 2 ++
|
|
library/selogin.py | 26 ++++++++++-----------
|
|
tests/setup_module_utils.sh | 41 ---------------------------------
|
|
4 files changed, 16 insertions(+), 55 deletions(-)
|
|
create mode 100644 .sanity-ansible-ignore-2.10.txt
|
|
create mode 100644 .sanity-ansible-ignore-2.9.txt
|
|
delete mode 100755 tests/setup_module_utils.sh
|
|
|
|
diff --git a/.sanity-ansible-ignore-2.10.txt b/.sanity-ansible-ignore-2.10.txt
|
|
new file mode 100644
|
|
index 0000000..5f8ce1e
|
|
--- /dev/null
|
|
+++ b/.sanity-ansible-ignore-2.10.txt
|
|
@@ -0,0 +1,2 @@
|
|
+plugins/modules/selogin.py no-get-exception
|
|
+plugins/modules/selogin.py validate-modules!skip
|
|
diff --git a/.sanity-ansible-ignore-2.9.txt b/.sanity-ansible-ignore-2.9.txt
|
|
new file mode 100644
|
|
index 0000000..5f8ce1e
|
|
--- /dev/null
|
|
+++ b/.sanity-ansible-ignore-2.9.txt
|
|
@@ -0,0 +1,2 @@
|
|
+plugins/modules/selogin.py no-get-exception
|
|
+plugins/modules/selogin.py validate-modules!skip
|
|
diff --git a/library/selogin.py b/library/selogin.py
|
|
index b785c27..6e3fd32 100644
|
|
--- a/library/selogin.py
|
|
+++ b/library/selogin.py
|
|
@@ -15,6 +15,9 @@
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
+from __future__ import absolute_import, division, print_function
|
|
+
|
|
+__metaclass__ = type
|
|
|
|
ANSIBLE_METADATA = {
|
|
"status": ["preview"],
|
|
@@ -22,13 +25,14 @@ ANSIBLE_METADATA = {
|
|
"version": "1.0",
|
|
}
|
|
|
|
-DOCUMENTATION = """
|
|
+DOCUMENTATION = r"""
|
|
---
|
|
module: selogin
|
|
short_description: Manages linux user to SELinux user mapping
|
|
description:
|
|
- - Manages linux user to SELinux user mapping
|
|
-version_added: "1.0"
|
|
+ - "WARNING: Do not use this module directly! It is only for role internal use."
|
|
+ - Manages linux user to SELinux user mapping
|
|
+version_added: '1.0'
|
|
options:
|
|
login:
|
|
description:
|
|
@@ -41,8 +45,7 @@ options:
|
|
required: true
|
|
default: null
|
|
serange:
|
|
- description:
|
|
- - >-
|
|
+ description: >
|
|
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login
|
|
mapping - defaults to the SELinux user record range.
|
|
required: false
|
|
@@ -62,8 +65,9 @@ notes:
|
|
- The changes are persistent across reboots
|
|
- Not tested on any debian based system
|
|
requirements: [ 'libselinux-python', 'policycoreutils-python' ]
|
|
-author: Dan Keder
|
|
-author: Petr Lautrbach
|
|
+author:
|
|
+ - Dan Keder (@dkeder)
|
|
+ - Petr Lautrbach (@bachradsusi)
|
|
"""
|
|
|
|
EXAMPLES = """
|
|
@@ -82,7 +86,7 @@ EXAMPLES = """
|
|
|
|
# Assign all users in the engineering group to the staff_u user
|
|
- selogin:
|
|
- login: %engineering
|
|
+ login: "%engineering"
|
|
seuser: staff_u
|
|
state: present
|
|
"""
|
|
@@ -198,9 +202,6 @@ def semanage_login_add(module, login, seuser, do_reload, serange="s0", sestore="
|
|
except KeyError:
|
|
e = get_exception()
|
|
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
- except OSError:
|
|
- e = get_exception()
|
|
- module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
except RuntimeError:
|
|
e = get_exception()
|
|
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
@@ -248,9 +249,6 @@ def semanage_login_del(module, login, seuser, do_reload, sestore=""):
|
|
except KeyError:
|
|
e = get_exception()
|
|
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
- except OSError:
|
|
- e = get_exception()
|
|
- module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
except RuntimeError:
|
|
e = get_exception()
|
|
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
diff --git a/tests/setup_module_utils.sh b/tests/setup_module_utils.sh
|
|
deleted file mode 100755
|
|
index 94d102d..0000000
|
|
--- a/tests/setup_module_utils.sh
|
|
+++ /dev/null
|
|
@@ -1,41 +0,0 @@
|
|
-#!/bin/bash
|
|
-# SPDX-License-Identifier: MIT
|
|
-
|
|
-set -euo pipefail
|
|
-
|
|
-if [ -n "${DEBUG:-}" ] ; then
|
|
- set -x
|
|
-fi
|
|
-
|
|
-if [ ! -d "${1:-}" ] ; then
|
|
- echo Either ansible is not installed, or there is no ansible/module_utils
|
|
- echo in "$1" - Skipping
|
|
- exit 0
|
|
-fi
|
|
-
|
|
-if [ ! -d "${2:-}" ] ; then
|
|
- echo Role has no module_utils - Skipping
|
|
- exit 0
|
|
-fi
|
|
-
|
|
-# we need absolute path for $2
|
|
-absmoddir=$( readlink -f "$2" )
|
|
-
|
|
-# clean up old links to module_utils
|
|
-for item in "$1"/* ; do
|
|
- if lnitem=$( readlink "$item" ) && test -n "$lnitem" ; then
|
|
- case "$lnitem" in
|
|
- *"${2}"*) rm -f "$item" ;;
|
|
- esac
|
|
- fi
|
|
-done
|
|
-
|
|
-# add new links to module_utils
|
|
-for item in "$absmoddir"/* ; do
|
|
- case "$item" in
|
|
- *__pycache__) continue;;
|
|
- *.pyc) continue;;
|
|
- esac
|
|
- bnitem=$( basename "$item" )
|
|
- ln -s "$item" "$1/$bnitem"
|
|
-done
|
|
--
|
|
2.26.2
|
|
|