From 1fa9a29eb66cf0c3dfc5caef46f07afd64c3738c Mon Sep 17 00:00:00 2001
From: gcalcaterra
Date: Fri, 10 Feb 2023 19:09:03 -0300
Subject: [PATCH 1/2] Correct when conditional in task that sets SELinux in permissive mode As how the "when" condition was before: "not (ansible_check_mode and nginx_config_selinux_enforcing)", it was giving TRUE when it shouldn't because with the "and" when one of the two items is a FALSE, the whole parenthesis becomes FALSE. In the corrected way, it skips when the nginx_config_selinux_enforcing is in TRUE, as it should.
---
 tasks/prerequisites/setup-selinux.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml
index fa6c29be..0f497a3b 100644
--- a/tasks/prerequisites/setup-selinux.yml
+++ b/tasks/prerequisites/setup-selinux.yml
@@ -11,7 +11,9 @@
 ansible.posix.selinux:
 state: permissive
 policy: targeted
- when: not (ansible_check_mode and nginx_config_selinux_enforcing)
+ when:
+ - not ansible_check_mode
+ - not nginx_config_selinux_enforcing
 - name: Allow SELinux HTTP network connections
 ansible.posix.seboolean:
From 02d226de3a6d5d45ba4950a627fd0d7f43aa6ad2 Mon Sep 17 00:00:00 2001
From: gcalcaterra
Date: Fri, 10 Feb 2023 19:14:08 -0300
Subject: [PATCH 2/2] Add policycoreutils-python-utils yum package for SELinux The package policycoreutils-python-utils is needed in RHEL8, if it is no installed the playbook prints and ERROR with ModuleNotFoundError message for the 'semanage' module.
---
 tasks/prerequisites/setup-selinux.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml
index 0f497a3b..d99aaf58 100644
--- a/tasks/prerequisites/setup-selinux.yml
+++ b/tasks/prerequisites/setup-selinux.yml
@@ -4,6 +4,7 @@
 name:
 - libselinux-utils
 - policycoreutils
+ - policycoreutils-python-utils
 - selinux-policy-targeted
 when: ansible_facts['os_family'] == "RedHat"
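Review bot: Skipping this task whenever `ansible_check_mode` is true means a dry run no longer reports that the host would be switched to `state: permissive`, and nothing in the hunk says why the skip is needed. If it is there because the SELinux Python bindings may not be installed yet during a check run (not visible here), a comment above the list such as `# Skipped in check mode: bindings may be absent until the install task has really run` would record that. Since the task changes the SELinux mode for the whole host, I would also cast the flag, `- not nginx_config_selinux_enforcing | bool`, so a string value such as one passed with `-e key=value` is evaluated as a boolean rather than as a non-empty string. The task starts above the hunk.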
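Review bot: `policycoreutils-python-utils` is added under the `os_family == "RedHat"` guard with no version condition, but the commit message only establishes that it is needed on RHEL 8; on EL7-family hosts the `semanage` tooling ships as `policycoreutils-python`, so this list would fail to install there if the role still supports them (not visible in this hunk). Selecting the name by release would keep both working, e.g. `- "{{ 'policycoreutils-python-utils' if ansible_facts['distribution_major_version'] | int >= 8 else 'policycoreutils-python' }}"`; distributions whose major version does not follow RHEL numbering would need their own case. The task starts above the hunk.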