Parcourir la source

Add posibility to disable SELinux

pull/205/head
pavel-z1 il y a 5 ans
Parent
révision
7ab68de0fd
1 fichiers modifiés avec 21 ajouts et 1 suppressions
  1. +21
    -1
      linux/system/selinux.sls

+ 21
- 1
linux/system/selinux.sls Voir le fichier

@@ -1,18 +1,38 @@
{%- from "linux/map.jinja" import system with context %}
{%- if system.selinux is defined %}
{%- if system.enabled %}

include:
- linux.system.repo

{%- if grains.os_family == 'RedHat' %}
{%- set mode = system.selinux %}
{%- if system.selinux == 'disabled' %}

{{ mode }}:
selinux_config:
cmd.run:
- names:
- "sed -i 's/enforcing/disabled/g' /etc/selinux/config"
- "sed -i 's/permissive/disabled/g' /etc/selinux/config"
- unless: cat '/etc/selinux/config' | grep 'SELINUX=disabled'

selinux_setenforce:
cmd.run:
- name: "setenforce 0"
- unless: getenforce | grep 'Disabled'

{%- else %}

selinux_config:
selinux.mode:
- name: {{ system.get('selinux', 'permissive') }}
- require:
- pkg: linux_repo_prereq_pkgs


{%- endif %}

{%- endif %}

{%- endif %}
{%- endif %}

Chargement…
Annuler
Enregistrer