瀏覽代碼

Add posibility to disable SELinux

pull/205/head
pavel-z1 5 年之前
父節點
當前提交
7ab68de0fd
共有 1 個檔案被更改,包括 21 行新增1 行删除
  1. +21
    -1
      linux/system/selinux.sls

+ 21
- 1
linux/system/selinux.sls 查看文件

@@ -1,18 +1,38 @@
{%- from "linux/map.jinja" import system with context %}
{%- if system.selinux is defined %}
{%- if system.enabled %}

include:
- linux.system.repo

{%- if grains.os_family == 'RedHat' %}
{%- set mode = system.selinux %}
{%- if system.selinux == 'disabled' %}

{{ mode }}:
selinux_config:
cmd.run:
- names:
- "sed -i 's/enforcing/disabled/g' /etc/selinux/config"
- "sed -i 's/permissive/disabled/g' /etc/selinux/config"
- unless: cat '/etc/selinux/config' | grep 'SELINUX=disabled'

selinux_setenforce:
cmd.run:
- name: "setenforce 0"
- unless: getenforce | grep 'Disabled'

{%- else %}

selinux_config:
selinux.mode:
- name: {{ system.get('selinux', 'permissive') }}
- require:
- pkg: linux_repo_prereq_pkgs


{%- endif %}

{%- endif %}

{%- endif %}
{%- endif %}

Loading…
取消
儲存