scap-security-guide/SOURCES/scap-security-guide-0.1.51-fix_ansible_template_mount_options_PR_5765.patch

From 254cb60e722539032c6ea73616d6ab51eb1d4edf Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 15 May 2020 23:36:18 +0200
Subject: [PATCH] Ansible mount_option: split mount and option task

Separate task that adds mount options mounts the mountpoint into two tasks.
Conditioning the "mount" task on the absence of the target mount option
caused the task to always be skipped when mount option was alredy present,
and could result in the mount point not being mounted.
---
 shared/templates/template_ANSIBLE_mount_option | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/shared/templates/template_ANSIBLE_mount_option b/shared/templates/template_ANSIBLE_mount_option
index 95bede25f9..a0cf8d6b7a 100644
--- a/shared/templates/template_ANSIBLE_mount_option
+++ b/shared/templates/template_ANSIBLE_mount_option
@@ -26,14 +26,19 @@
     - device_name.stdout is defined and device_name.stdout_lines is defined
     - (device_name.stdout | length > 0)
 
-- name: Ensure permission {{{ MOUNTOPTION }}} are set on {{{ MOUNTPOINT }}}
+- name: Make sure {{{ MOUNTOPTION }}} option is part of the to {{{ MOUNTPOINT }}} options
+  set_fact:
+    mount_info: "{{ mount_info | combine( {'options':''~mount_info.options~',{{{ MOUNTOPTION }}}' }) }}"
+  when:
+    - mount_info is defined and "{{{ MOUNTOPTION }}}" not in mount_info.options
+
+- name: Ensure {{{ MOUNTPOINT }}} is mounted with {{{ MOUNTOPTION }}} option
   mount:
     path: "{{{ MOUNTPOINT }}}"
     src: "{{ mount_info.source }}"
-    opts: "{{ mount_info.options }},{{{ MOUNTOPTION }}}"
+    opts: "{{ mount_info.options }}"
     state: "mounted"
     fstype: "{{ mount_info.fstype }}"
   when:
-    - mount_info is defined and "{{{ MOUNTOPTION }}}" not in mount_info.options
     - device_name.stdout is defined
     - (device_name.stdout | length > 0)
import scap-security-guide-0.1.50-14.el8 2020-11-03 11:56:01 +00:00			`From 254cb60e722539032c6ea73616d6ab51eb1d4edf Mon Sep 17 00:00:00 2001`
			`From: Watson Sato <wsato@redhat.com>`
			`Date: Fri, 15 May 2020 23:36:18 +0200`
			`Subject: [PATCH] Ansible mount_option: split mount and option task`

			`Separate task that adds mount options mounts the mountpoint into two tasks.`
			`Conditioning the "mount" task on the absence of the target mount option`
			`caused the task to always be skipped when mount option was alredy present,`
			`and could result in the mount point not being mounted.`
			`---`
			`shared/templates/template_ANSIBLE_mount_option \| 11 ++++++++---`
			`1 file changed, 8 insertions(+), 3 deletions(-)`

			`diff --git a/shared/templates/template_ANSIBLE_mount_option b/shared/templates/template_ANSIBLE_mount_option`
			`index 95bede25f9..a0cf8d6b7a 100644`
			`--- a/shared/templates/template_ANSIBLE_mount_option`
			`+++ b/shared/templates/template_ANSIBLE_mount_option`
			`@@ -26,14 +26,19 @@`
			`- device_name.stdout is defined and device_name.stdout_lines is defined`
			`- (device_name.stdout \| length > 0)`

			`-- name: Ensure permission {{{ MOUNTOPTION }}} are set on {{{ MOUNTPOINT }}}`
			`+- name: Make sure {{{ MOUNTOPTION }}} option is part of the to {{{ MOUNTPOINT }}} options`
			`+ set_fact:`
			`+ mount_info: "{{ mount_info \| combine( {'options':''~mount_info.options~',{{{ MOUNTOPTION }}}' }) }}"`
			`+ when:`
			`+ - mount_info is defined and "{{{ MOUNTOPTION }}}" not in mount_info.options`
			`+`
			`+- name: Ensure {{{ MOUNTPOINT }}} is mounted with {{{ MOUNTOPTION }}} option`
			`mount:`
			`path: "{{{ MOUNTPOINT }}}"`
			`src: "{{ mount_info.source }}"`
			`- opts: "{{ mount_info.options }},{{{ MOUNTOPTION }}}"`
			`+ opts: "{{ mount_info.options }}"`
			`state: "mounted"`
			`fstype: "{{ mount_info.fstype }}"`
			`when:`
			`- - mount_info is defined and "{{{ MOUNTOPTION }}}" not in mount_info.options`
			`- device_name.stdout is defined`
			`- (device_name.stdout \| length > 0)`