
Merge pull request #205 from pavel-z1/add_separate_check_of_getenforce

Add possibility to disable SELinux
pull/207/head
Filip Pytloun 5 years ago
parent
commit
ad96c5704a
1 changed files with 21 additions and 1 deletions
  1. +21
    -1
      linux/system/selinux.sls

+ 21
- 1
linux/system/selinux.sls View File

@@ -1,18 +1,38 @@
{%- from "linux/map.jinja" import system with context %}
{%- if system.selinux is defined %}
{%- if system.enabled %}

include:
- linux.system.repo

{%- if grains.os_family == 'RedHat' %}
{%- set mode = system.selinux %}
{%- if system.selinux == 'disabled' %}

{{ mode }}:
selinux_config:
cmd.run:
- names:
- "sed -i 's/enforcing/disabled/g' /etc/selinux/config"
- "sed -i 's/permissive/disabled/g' /etc/selinux/config"
- unless: cat '/etc/selinux/config' | grep 'SELINUX=disabled'

selinux_setenforce:
cmd.run:
- name: "setenforce 0"
- unless: getenforce | grep 'Disabled'

{%- else %}

selinux_config:
selinux.mode:
- name: {{ system.get('selinux', 'permissive') }}
- require:
- pkg: linux_repo_prereq_pkgs


{%- endif %}

{%- endif %}

{%- endif %}
{%- endif %}
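Review bot: The two `sed` substitutions in the `selinux_config` `cmd.run` are not anchored to the `SELINUX=` key, so they rewrite every occurrence of `enforcing` and `permissive` in /etc/selinux/config, comment text included, and the `unless` grep would also accept a commented-out `#SELINUX=disabled`. Anchoring both keeps the edit and the idempotence check on the active setting: `sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config` with `unless: grep -q '^SELINUX=disabled' /etc/selinux/config`. Separately, `setenforce 0` only switches the running system to permissive, so `getenforce | grep 'Disabled'` presumably stays false until a reboot and `selinux_setenforce` reruns on every apply. A comment stating that a reboot is required, and that this branch removes mandatory access control from the host, would help operators. Indentation is lost on this page, so the nesting of the new states could not be checked.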
