diff --git a/.gitignore b/.gitignore index ce1aa7b2f5c..8b244f60ee7 100644 --- a/.gitignore +++ b/.gitignore @@ -99,8 +99,6 @@ lib/ansible/_vendor/* /test/integration/cloud-config-*.* !/test/integration/cloud-config-*.*.template .python-version -/hacking/tests/selinux/*.mod -/hacking/tests/selinux/*.pp # Release directory packaging/release/ansible_release /.cache/ diff --git a/hacking/tests/selinux/README.md b/hacking/tests/selinux/README.md deleted file mode 100644 index 95c2b9e89e6..00000000000 --- a/hacking/tests/selinux/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# ansible-podman selinux module - -On Fedora-derived systems (and possibly others), selinux can prevent podman -from running the way we need it to for our tests to work. - -Loading this module (hopefully) allows you to -[keep selinux enabled](https://stopdisablingselinux.com/) and still be able to -run our tests. - -To use it, just run: - -``` -./build.sh -``` - -...which will build the module. Then run: - -``` -sudo semodule -i ansible-podman.pp -``` - -to insert and enable the module. diff --git a/hacking/tests/selinux/ansible-podman.te b/hacking/tests/selinux/ansible-podman.te deleted file mode 100644 index f2a786c1849..00000000000 --- a/hacking/tests/selinux/ansible-podman.te +++ /dev/null @@ -1,17 +0,0 @@ -module ansible-podman 1.0; - -require { - type container_t; - type cgroup_t; - type fusefs_t; - class dir { add_name create remove_name rmdir write }; - class file { create relabelto write }; - class bpf map_create; -} - - -allow container_t cgroup_t:dir { add_name create remove_name rmdir write }; - -allow container_t cgroup_t:file { create write }; -allow container_t fusefs_t:file relabelto; -allow container_t self:bpf map_create; diff --git a/hacking/tests/selinux/build.sh b/hacking/tests/selinux/build.sh deleted file mode 100755 index c378f0ff16a..00000000000 --- a/hacking/tests/selinux/build.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash -set -x -set -e -checkmodule -Mmo ansible-podman.mod ansible-podman.te -semodule_package -o ansible-podman.pp -m ansible-podman.mod - -set +x -echo "Module built. Now run this as root:" -echo "semodule -i $(pwd)/ansible-podman.pp"