Merge pull request #153 from pinguinkiste/fs-whitelist

rndmh3ro · web-flow · commit ac50457d392a · 2017-12-23T15:24:22.000+01:00
Prevent disabling of filesystems via whitelist
diff --git a/README.md b/README.md
@@ -84,6 +84,8 @@ We disable the following filesystems, because they're most likely not used:
  * "udf"
  * "vfat"
 
+To prevent some of the filesystems from being disabled, add them to the `os_filesystem_whitelist` variable.
+
 ## Example Playbook
 
     - hosts: localhost
diff --git a/default.yml b/default.yml
@@ -18,6 +18,7 @@
     os_auth_allow_homeless: true
     os_security_suid_sgid_blacklist: ['/bin/umount']
     os_security_suid_sgid_whitelist: ['/usr/bin/rlogin']
+    os_filesystem_whitelist: ['vfat']
     sysctl_config:
       net.ipv4.ip_forward: 0
       net.ipv6.conf.all.forwarding: 0
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -194,3 +194,5 @@ os_unused_filesystems:
   - "udf"
   - "vfat"
 
+# whitelist for used filesystems
+os_filesystem_whitelist: []
diff --git a/templates/modprobe.j2 b/templates/modprobe.j2
@@ -1,5 +1,5 @@
-# {{ ansible_managed | comment }}
+{{ ansible_managed | comment }}
 
-{% for fs in os_unused_filesystems %}
+{% for fs in os_unused_filesystems | difference(os_filesystem_whitelist) %}
 install {{fs}} /bin/true
 {% endfor %}
