This adds some logic when using groups possibly in combination with append
if just specifying groups and the current groups do not match the list
set groups
if specifying groups with append and any group that's not in the current groups
set groups with -a
Checks if update-rc.d (Ubuntu) or chkconfig (RHEL) should be used.
Adds basic bin path search for those binaries
Adds 'enable' and 'disable' options for 'enable' command since it's the
arguments that update-rc.d uses (this might be somewhat confusing to
have a command line with 'enable=enable', but probably makes sense for
Ubuntu users).
Allows use of mixed case for 'list' and 'state' commands.
This removes the 'context' option and replaces it with checks for
'_default' value for seuser, serole, setype, or (maybe) selevel.
If '_default' is provided *and* there is a default context for the given
file, this will set the file context to the available default.
Creates system accounts/groups; corresponds to the '-r' option for {user,group}add.
The option is only honored when users/groups are added, not when modified.
When running the service module via sudo, `$PATH` didn't contain `/sbin`,
so the service binary couldn't be found. This just runs `/sbin/service`
directly. Output is spewed to stderr on error.
Added `list=status` to include the output of `service <cmd> status`.
This adds selinux_mls_enabled() and selinux_enabled() to detect a)
whether selinux is MLS aware (i.e. supports selevel) and b) whether
selinux is enabled. If selinux is not enabled, all selinux operations
are punted on -- same as if python's selinux module were not available.
In set_context_if_different(), I now iterate over the current context
instead of the context argument. Even if the system supports MLS, it
may not return the selevel from selinux.lgetfilecon(). Lastly, this
drops selinux_has_selevel() in lieu of the current approach.
Older versions of selinux, such as that deployed on rhel5, only return a
context of user:role:type instead of user:role:type:level. This detects
whether the tuple has three elements (old-style) or four. If the
old-style, it keeps the secontext list at three elements.
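
The three-versus-four field handling described in the two SELinux commit messages above, as an added example that is not code from these commits or from the project. The names `split_context` and `merge_context` and the sample contexts are hypothetical, and ignoring a requested selevel when the current context reports none is an assumption about the intended behaviour.

```python
# Added illustration only; not the module's own code.

def split_context(raw):
    """Split a context string into its fields.

    Old-style (non-MLS) contexts have three fields, user:role:type.
    MLS-aware contexts add a fourth, the level, which may itself contain
    colons (for example "s0:c0.c1023"), so split at most three times.
    """
    fields = raw.split(":", 3)
    if len(fields) not in (3, 4):
        raise ValueError("not an SELinux context: %r" % raw)
    return fields


def merge_context(current_raw, wanted):
    """Return (new_context_string, changed).

    wanted is [seuser, serole, setype, selevel]; None means "leave as is".
    Iterating over the *current* fields keeps a three-field context at
    three fields, so a requested selevel is dropped when the system
    reports no level for the file.
    """
    current = split_context(current_raw)
    new = list(current)
    for i in range(len(current)):
        if i < len(wanted) and wanted[i] is not None:
            new[i] = wanted[i]
    return ":".join(new), new != current


if __name__ == "__main__":
    # Constructed sample contexts: one old-style, one with an MLS level.
    samples = [
        ("system_u:object_r:etc_t", [None, None, "httpd_sys_content_t", "s0"]),
        ("system_u:object_r:etc_t:s0:c0.c1023", [None, None, None, "s0"]),
    ]
    for raw, wanted in samples:
        print(raw, "->", merge_context(raw, wanted))
```
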
The value is passed to apt-get's "-t" option. Useful for installing backports, e.g.:
ansible webservers -m apt -a "pkg=nginx state=latest default-release=squeeze-backports"
This adjusts behavior of file module such that removal of se* option
does not revert the file's selinux context to the default. In order to
go back to the default context according to the policy, you can use the
context=default option.