Merge pull request #1165 from mavimo/documentation-selinux

Added DOCUMENTATION to selinux module.
Michael DeHaan 2012-09-30 06:36:27 -07:00
commit 20da86d1fd

55
selinux

@ -18,17 +18,38 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>. # along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# selinux module - change policy and state of SELinux DOCUMENTATION = '''
# usage: ---
# module: selinux
# selinux policy=<SELINUX_POLICY> state=[enforcing|permissive|disabled] configfile=[SELINUX_CONFIG_FILE] short_description: Change policy and state of SELinux
# description:
# configfile defaults to /etc/selinux/config - Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
# policy files should be installed via the yum/apt modules version_added: "0.7"
# options:
# bugs: policy:
# description:
# Not tested on any debian based system - "name of the SELinux policy to use (example: 'targeted')"
required: true
default: null
state:
description:
- The SELinux mode
required: true
default: null
choices: [ "enforcing", "permissive", "disabled" ]
conf:
description:
- path to the SELinux configuration file, if non-standard
required: false
default: "/etc/selinux/config"
examples:
- code: selinux policy=targeted state=enforcing
- code: selinux policy=targeted state=disabled
notes:
- Not tested on any debian based system
requirements: [ ]
author: Derek Carter
'''
import os import os
import re import re
@ -84,7 +105,7 @@ def set_state(state):
def set_config_policy(policy, configfile): def set_config_policy(policy, configfile):
# edit config file with state value # edit config file with state value
#SELINUXTYPE=targeted #SELINUXTYPE=targeted
policyline='SELINUXTYPE=%s' % policy policyline='SELINUXTYPE=%s' % policy
myfile = open(configfile, "r") myfile = open(configfile, "r")
lines = myfile.readlines() lines = myfile.readlines()
@ -128,12 +149,12 @@ def main():
if (policy != runtime_policy): if (policy != runtime_policy):
# cannot change runtime policy # cannot change runtime policy
msgs.append('reboot to change the loaded policy') msgs.append('reboot to change the loaded policy')
changed=True changed=True
if (policy != config_policy): if (policy != config_policy):
msgs.append('config policy changed from \'%s\' to \'%s\'' % (config_policy, policy)) msgs.append('config policy changed from \'%s\' to \'%s\'' % (config_policy, policy))
set_config_policy(policy, configfile) set_config_policy(policy, configfile)
changed=True changed=True
if (state != runtime_state): if (state != runtime_state):
if (state == 'disabled'): if (state == 'disabled'):
@ -141,13 +162,13 @@ def main():
else: else:
msgs.append('runtime state changed from \'%s\' to \'%s\'' % (runtime_state, state)) msgs.append('runtime state changed from \'%s\' to \'%s\'' % (runtime_state, state))
set_state(state) set_state(state)
changed=True changed=True
if (state != config_state): if (state != config_state):
msgs.append('config state changed from \'%s\' to \'%s\'' % (config_state, state)) msgs.append('config state changed from \'%s\' to \'%s\'' % (config_state, state))
set_config_state(state, configfile) set_config_state(state, configfile)
changed=True changed=True
module.exit_json(changed=changed, msg=', '.join(msgs), module.exit_json(changed=changed, msg=', '.join(msgs),
configfile=configfile, configfile=configfile,
policy=policy, state=state) policy=policy, state=state)
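Review bot: The new DOCUMENTATION block in the first hunk names the config-path option `conf`, but the usage comment it replaces advertised `configfile=`, and main() still returns `configfile=configfile` from exit_json. The argument spec lies outside the visible hunks, so which spelling the module accepts cannot be confirmed from this page. If both are accepted, add `aliases: [ "configfile" ]` under `conf`; otherwise document the name the spec actually uses. The removed comment's prerequisite, "policy files should be installed via the yum/apt modules", is also lost with `requirements: [ ]` and could be kept as a `notes:` entry. Since one example sets `state=disabled`, consider a further note such as `- state=disabled turns SELinux off entirely, while permissive keeps logging denials without enforcing them`.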