From 4a8f0c2b240ffccde5018d2de1166e6c22daa500 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Mon, 22 Mar 2021 17:13:26 -0600
Subject: [PATCH] add tags; fix cleanup task

---
 tests/set_selinux_variables.yml  |  8 ++++++
 tests/tests_all_purge.yml        |  6 ++++-
 tests/tests_all_transitions.yml  |  2 ++
 tests/tests_boolean.yml          |  3 ++-
 tests/tests_fcontext.yml         |  2 +-
 tests/tests_login.yml            |  2 +-
 tests/tests_port.yml             |  2 +-
 tests/tests_selinux_disabled.yml | 45 +++++++++++++++++++++-----------
 8 files changed, 50 insertions(+), 20 deletions(-)

diff --git a/tests/set_selinux_variables.yml b/tests/set_selinux_variables.yml
index 05f0c88..3446647 100644
--- a/tests/set_selinux_variables.yml
+++ b/tests/set_selinux_variables.yml
@@ -1,4 +1,12 @@
 ---
+- name: Install SELinux tool semanage on Fedora
+  package:
+    name:
+      - policycoreutils-python-utils
+    state: present
+  when: ansible_distribution == "Fedora" or
+    ( ansible_distribution_major_version > "7" and
+      ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
 - name: Get local modifications - boolean
   command: /usr/sbin/semanage boolean -l -n -C
   changed_when: false
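Review bot: The added `when:` compares `ansible_distribution_major_version > "7"` as strings, so the test is lexicographic and a major version of "10" sorts before "7". On such a host the package install would be skipped, and the `semanage` commands that follow would presumably fail if the tool is not already present. A numeric comparison avoids this, for example `ansible_distribution_major_version is version('8', '>=')` or `ansible_distribution_major_version | int > 7`. The same condition is repeated in tests/tests_all_purge.yml and tests/tests_selinux_disabled.yml, and the task name still says "on Fedora" although it now also matches CentOS and RedHat.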
diff --git a/tests/tests_all_purge.yml b/tests/tests_all_purge.yml
index 40e933b..4688994 100644
--- a/tests/tests_all_purge.yml
+++ b/tests/tests_all_purge.yml
@@ -8,13 +8,17 @@
       fcontext -a -t user_home_dir_t /tmp/test_dir
       login -a -s staff_u sar-user
 
+  tags:
+    - 'tests::avc'
   tasks:
     - name: Install SELinux tool semanage on Fedora
       package:
         name:
           - policycoreutils-python-utils
         state: present
-      when: ansible_distribution == "Fedora"
+      when: ansible_distribution == "Fedora" or
+        ( ansible_distribution_major_version > "7" and
+          ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
 
     - name: Add a Linux System Roles SELinux User
       user:
diff --git a/tests/tests_all_transitions.yml b/tests/tests_all_transitions.yml
index acd37ad..20f96c4 100644
--- a/tests/tests_all_transitions.yml
+++ b/tests/tests_all_transitions.yml
@@ -1,6 +1,8 @@
 - name: Test all the possible selinux_state transitions
   hosts: all
   become: true
+  tags:
+    - 'tests::reboot'
   vars:
     states:
       - permissive
diff --git a/tests/tests_boolean.yml b/tests/tests_boolean.yml
index 368e8dc..966abe4 100644
--- a/tests/tests_boolean.yml
+++ b/tests/tests_boolean.yml
@@ -1,4 +1,5 @@
 - name: Check if selinux role sets SELinux booleans
+  tags: tests::expfail
   hosts: all
   become: true
 
@@ -11,7 +12,7 @@
         selinux_booleans:
           - { name: 'samba_enable_home_dirs', state: 'on', persistent: 'yes' }
 
-    - include: set_selinux_variables.yml
+    - import_tasks: set_selinux_variables.yml
     - name: save state after initial changes and before other changes
       set_fact:
         boolean_before: "{{ selinux_role_boolean.stdout_lines }}"
diff --git a/tests/tests_fcontext.yml b/tests/tests_fcontext.yml
index b96b07a..aa1e1fa 100644
--- a/tests/tests_fcontext.yml
+++ b/tests/tests_fcontext.yml
@@ -13,7 +13,7 @@
           - { target: '/tmp/test_dir1(/.*)?', setype: 'user_home_dir_t',
               ftype: 'd' }
 
-    - include: set_selinux_variables.yml
+    - import_tasks: set_selinux_variables.yml
     - name: save state after initial changes and before other changes
       set_fact:
         fcontext_before: "{{ selinux_role_fcontext.stdout }}"
diff --git a/tests/tests_login.yml b/tests/tests_login.yml
index 67c6a9f..4ce8a0b 100644
--- a/tests/tests_login.yml
+++ b/tests/tests_login.yml
@@ -17,7 +17,7 @@
           - { login: 'sar-user', seuser: 'staff_u',
               serange: 's0-s0:c0.c1023', state: 'present' }
 
-    - include: set_selinux_variables.yml
+    - import_tasks: set_selinux_variables.yml
     - name: save state after initial changes and before other changes
       set_fact:
         login_before: "{{ selinux_role_login.stdout }}"
diff --git a/tests/tests_port.yml b/tests/tests_port.yml
index 5b651b0..4172dcb 100644
--- a/tests/tests_port.yml
+++ b/tests/tests_port.yml
@@ -29,7 +29,7 @@
           - { ports: '22022', proto: 'tcp', setype: 'ssh_port_t',
               state: 'present' }
 
-    - include: set_selinux_variables.yml
+    - import_tasks: set_selinux_variables.yml
     - name: save state after other changes
       set_fact:
         port_after: "{{ selinux_role_port.stdout }}"
diff --git a/tests/tests_selinux_disabled.yml b/tests/tests_selinux_disabled.yml
index a0dbaeb..4d896a0 100644
--- a/tests/tests_selinux_disabled.yml
+++ b/tests/tests_selinux_disabled.yml
@@ -11,13 +11,17 @@
       fcontext -a -t user_home_dir_t /tmp/test_dir
       login -a -s staff_u sar-user
 
+  tags:
+    - 'tests::avc'
   tasks:
     - name: Install SELinux tool semanage on Fedora
       package:
         name:
           - policycoreutils-python-utils
         state: present
-      when: ansible_distribution == "Fedora"
+      when: ansible_distribution == "Fedora" or
+        ( ansible_distribution_major_version > "7" and
+          ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
 
     - name: Add a Linux System Roles SELinux User
       user:
@@ -80,18 +84,29 @@
         that: "{{ ansible_selinux.config_mode == 'enforcing' }}"
         msg: "SELinux config mode should be enforcing instead of
               {{ ansible_selinux.config_mode }}"
-    - name: Restore original /etc/selinux/config
-      copy:
-        remote_src: true
-        dest: /etc/selinux/config
-        src: /etc/selinux/config.test_selinux_disabled
-        mode: preserve
-    - name: Remove /etc/selinux/config backup
-      file:
-        path: /etc/selinux/config.test_selinux_disabled
-        state: absent
-    - name: Remove Linux System Roles SELinux User
-      user:
-        name: sar-user
-        remove: yes
-        state: absent
+
+    - name: Cleanup
+      tags: [ 'tests::cleanup' ]
+      block:
+        - name: Restore original /etc/selinux/config
+          copy:
+            remote_src: true
+            dest: /etc/selinux/config
+            src: /etc/selinux/config.test_selinux_disabled
+            mode: preserve
+
+        - name: Remove /etc/selinux/config backup
+          file:
+            path: /etc/selinux/config.test_selinux_disabled
+            state: absent
+
+        - name: Remove Linux System Roles SELinux User
+          user:
+            name: sar-user
+            remove: yes
+            state: absent
+
+        - import_role:
+            name: linux-system-roles.selinux
+          vars:
+            selinux_all_purge: true
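Review bot: The new `Cleanup` block is an ordinary `block:` at the end of the task list, so it runs only when every earlier task succeeded. If an assert such as the one just above fails, the host would be left with whatever /etc/selinux/config the test wrote, the `.test_selinux_disabled` backup and the `sar-user` account. Putting the test tasks in a `block:` and these cleanup tasks under its `always:` would restore the original SELinux configuration on failure as well; the earlier tasks lie outside this hunk, so the exact shape needs checking against the full file. The `import_role` task also has no `name:`, and `remove: yes` would be more consistent as `remove: true`, matching `remote_src: true`.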