diff --git a/tests/set_selinux_variables.yml b/tests/set_selinux_variables.yml
index f294101..7571066 100644
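--- a/tests/set_selinux_variables.yml
+++ b/tests/set_selinux_variables.yml
@@ -1,4 +1,12 @@
 ---
+- name: Install SELinux tool semanage on Fedora
+ package:
+ name:
+ - policycoreutils-python-utils
+ state: present
+ when: ansible_distribution == "Fedora" or
+ ( ansible_distribution_major_version > "7" and
+ ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
 - name: Get local modifications - boolean
 command: /usr/sbin/semanage boolean -l -n -C
 register: selinux_role_boolean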
diff --git a/tests/tests_boolean.yml b/tests/tests_boolean.yml
index 47eafc0..ca85922 100644
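--- a/tests/tests_boolean.yml
+++ b/tests/tests_boolean.yml
@@ -1,5 +1,6 @@
 
 - name: Check if selinux role sets SELinux booleans
+ tags: [ 'tests::tier1', 'tests::expfail' ]
 hosts: all
 become: true
 
@@ -12,7 +13,7 @@
 selinux_booleans:
 - { name: 'samba_enable_home_dirs', state: 'on', persistent: 'yes' }
 
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
 - name: save state after initial changes and before other changes
 set_fact:
 boolean_before: "{{ selinux_role_boolean.stdout_lines }}"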
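Review bot: The `tests::expfail` tag added to this play has no comment saying why the boolean test is expected to fail, so a reader cannot tell a known limitation from a regression in how the role sets SELinux booleans. A line above the tag such as `# expfail: <reason or tracking issue>` would record it. The play body continues outside both hunks.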
diff --git a/tests/tests_default.yml b/tests/tests_default.yml
index a837c73..25bf39d 100644
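--- a/tests/tests_default.yml
+++ b/tests/tests_default.yml
@@ -1,5 +1,6 @@
 
 - name: Ensure that the role runs with default parameters
+ tags: tests::tier1
 hosts: all
 
 roles: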
diff --git a/tests/tests_default_vars.yml b/tests/tests_default_vars.yml
index b6a6b5a..7cd321d 100644
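--- a/tests/tests_default_vars.yml
+++ b/tests/tests_default_vars.yml
@@ -1,4 +1,5 @@
 - name: Ensure that the role declares all paremeters in defaults
+ tags: tests::tier1
 hosts: all
 
 roles: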
diff --git a/tests/tests_fcontext.yml b/tests/tests_fcontext.yml
index 0a411fb..f4a3923 100644
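--- a/tests/tests_fcontext.yml
+++ b/tests/tests_fcontext.yml
@@ -1,5 +1,6 @@
 
 - name: Check if selinux role sets SELinux fcontext mappings
+ tags: tests::tier1
 hosts: all
 become: true
 
@@ -13,7 +14,7 @@
 selinux_fcontexts:
 - { target: '/tmp/test_dir1(/.*)?', setype: 'user_home_dir_t', ftype: 'd' }
 
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
 - name: save state after initial changes and before other changes
 set_fact:
 fcontext_before: "{{ selinux_role_fcontext.stdout }}"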
diff --git a/tests/tests_login.yml b/tests/tests_login.yml
index efa826d..e4f55ca 100644
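--- a/tests/tests_login.yml
+++ b/tests/tests_login.yml
@@ -1,5 +1,6 @@
 
 - name: Check if selinux role sets SELinux login mappings
+ tags: tests::tier1
 hosts: all
 become: true
 
@@ -18,7 +19,7 @@
 - { login: 'sar-user', seuser: 'staff_u', serange: 's0-s0:c0.c1023', state: 'present' }
 
 
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
 - name: save state after initial changes and before other changes
 set_fact:
 login_before: "{{ selinux_role_login.stdout }}"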
diff --git a/tests/tests_port.yml b/tests/tests_port.yml
index 446f79d..03276b5 100644
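--- a/tests/tests_port.yml
+++ b/tests/tests_port.yml
@@ -1,5 +1,6 @@
 
 - name: Check if selinux role sets SELinux port mapping
+ tags: tests::tier1
 hosts: all
 become: true
 
@@ -29,7 +30,7 @@
 selinux_ports:
 - { ports: '22022', proto: 'tcp', setype: 'ssh_port_t', state: 'present' }
 
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
 - name: save state after other changes
 set_fact:
 port_after: "{{ selinux_role_port.stdout }}"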
diff --git a/tests/tests_selinux_disabled.yml b/tests/tests_selinux_disabled.yml
index afd23e4..d30de2b 100644
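--- a/tests/tests_selinux_disabled.yml
+++ b/tests/tests_selinux_disabled.yml
@@ -18,7 +19,9 @@
 name:
 - policycoreutils-python-utils
 state: present
- when: ansible_distribution == "Fedora"
+ when: ansible_distribution == "Fedora" or
+ ( ansible_distribution_major_version > "7" and
+ ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
 
 - name: Add a Linux System Roles SELinux User
 user:
@@ -67,17 +71,28 @@
 assert:
 that: "{{ ansible_selinux.config_mode == 'enforcing' }}"
 msg: "SELinux config mode should be enforcing instead of {{ ansible_selinux.config_mode }}"
- - name: Restore original /etc/selinux/config
- copy:
- remote_src: true
- dest: /etc/selinux/config
- src: /etc/selinux/config.test_selinux_disabled
- - name: Remove /etc/selinux/config backup
- file:
- path: /etc/selinux/config.test_selinux_disabled
- state: absent
- - name: Remove Linux System Roles SELinux User
- user:
- name: sar-user
- remove: yes
- state: absent
+
+ - name: Cleanup
+ tags: [ 'tests::cleanup' ]
+ block:
+ - name: Restore original /etc/selinux/config
+ copy:
+ remote_src: true
+ dest: /etc/selinux/config
+ src: /etc/selinux/config.test_selinux_disabled
+
+ - name: Remove /etc/selinux/config backup
+ file:
+ path: /etc/selinux/config.test_selinux_disabled
+ state: absent
+
+ - name: Remove Linux System Roles SELinux User
+ user:
+ name: sar-user
+ remove: yes
+ state: absent
+
+ - import_role:
+ name: selinux
+ vars:
+ selinux_all_purge: true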
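Review bot: The new `Cleanup` block is an ordinary `block:` placed after the asserts, so a failed assert stops the play before `/etc/selinux/config` is restored and `sar-user` is removed, presumably leaving the host with the SELinux configuration the test wrote. Unless the harness always re-runs the play with the `tests::cleanup` tag (not visible here), move the test tasks into a `block:` and put these tasks under its `always:` section; the tasks that precede this hunk are outside the visible diff. `remove: yes` in the user task would read better as `remove: true`, matching `remote_src: true` earlier in the same block. The closing `import_role` with `selinux_all_purge: true` looks like it drops every local SELinux modification on the target rather than only those this test made, which deserves a comment such as `# purges all local SELinux customisations; run on disposable test hosts only`.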