archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update how to set default selinux context for file

Browse Source 
This removes the 'context' option and replaces it with checks for
'_default' value for seuser, serole, setype, or (maybe) selevel.
If '_default' is provided *and* there is a default context for the given
file, this will set the file context to the available default.
reviewable/pr18780/r1
Stephen Fromm 13 years ago
parent 23c691bd30
commit fa51d4a160
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File

11
file
Unescape Escape View File

@ -170,17 +170,14 @@ seuser = params.get('seuser', None)
serole = params.get('serole', None) serole = params.get('serole', None)
setype = params.get('setype', None) setype = params.get('setype', None)
selevel = params.get('serange', 's0') selevel = params.get('serange', 's0')
context = params.get('context', None)
secontext = [seuser, serole, setype] secontext = [seuser, serole, setype]
if selinux_mls_enabled(): if selinux_mls_enabled():
secontext.append(selevel) secontext.append(selevel)
if context is not None: default_secontext = selinux_default_context(path)
if context != 'default': for i in range(len(default_secontext)):
fail_json(msg='invalid context: %s' % context) if i is not None and secontext[i] == '_default':
if seuser is not None or serole is not None or setype is not None: secontext[i] = default_secontext[i]
fail_json(msg='cannot define context=default and seuser, serole or setype')
secontext = selinux_default_context(path)
if state not in [ 'file', 'directory', 'link', 'absent']: if state not in [ 'file', 'directory', 'link', 'absent']:
fail_json(msg='invalid state: %s' % state) fail_json(msg='invalid state: %s' % state)

Write Preview
Loading…
Cancel
Save