Add suport for selinux user when adding a new user on selinux enabled systems

2015-08-19 22:42:49 +02:00 · 2015-08-19 22:42:49 +02:00 · 455da45e62
commit 455da45e62
parent a057431a78
1 changed files with 10 additions and 0 deletions
--- a/lib/ansible/modules/system/user.py
+++ b/lib/ansible/modules/system/user.py
@ -49,6 +49,10 @@ options:
            - Optionally when used with the -u option, this option allows to
              change the user ID to a non-unique value.
        version_added: "1.1"
+    seuser:
+        required: false
+        description:
+            - Optionally sets the seuser type (user_u).
    group:
        required: false
        description:
@ -253,6 +257,7 @@ class User(object):
        self.name       = module.params['name']
        self.uid        = module.params['uid']
        self.non_unique  = module.params['non_unique']
+        self.seuser     = module.params['seuser']
        self.group      = module.params['group']
        self.groups     = module.params['groups']
        self.comment    = module.params['comment']
@ -313,6 +318,9 @@ class User(object):
            if self.non_unique:
                cmd.append('-o')

+        if self.seuser is not None:
+            cmd.append('-Z')
+            cmd.append(self.seuser)
        if self.group is not None:
            if not self.group_exists(self.group):
                self.module.fail_json(msg="Group %s does not exist" % self.group)
@ -2049,6 +2057,8 @@ def main():
            shell=dict(default=None, type='str'),
            password=dict(default=None, type='str', no_log=True),
            login_class=dict(default=None, type='str'),
+            # following options are specific to selinux
+            seuser=dict(default=None, type='str'),
            # following options are specific to userdel
            force=dict(default='no', type='bool'),
            remove=dict(default='no', type='bool'),