selinux: update kernel boot params when disabling/re-enabling SELinux
SUMMARY
The ability to disable SELinux from userspace based on the configuration
file is being deprecated in favor of the selinux=0 kernel boot
parameter. (Note that this affects only the "full" disable; switching
to/from permissive mode will work the same as before.)
Therefore, enhance the selinux module to try to set/unset the kernel
command-line parameter using grubby when enabling/disabling SELinux.
If the grubby package is not present on the system, the module will only
update the config file and report a warning. Note that even with the
runtime disable functionality removed, setting SELINUX=disabled in the
config file will lead to a system with no SELinux policy loaded, which
will behave in a very similar way as if SELinux was fully disabled, only
there could still be some minor performance impact, since the kernel
hooks will still be active.
More information:
https://lore.kernel.org/selinux/157836784986.560897.13893922675143903084.stgit@chester/
https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
selinux module
Reviewed-by: Adam Miller <maxamillion@fedoraproject.org>
Reviewed-by: Ondrej Mosnáček <omosnacek@gmail.com>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: quidame <None>
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: None <None>
The ability to disable SELinux from userspace based on the configuration
file is being deprecated in favor of the selinux=0 kernel boot
parameter. (Note that this affects only the "full" disable; switching
to/from permissive mode will work the same as before.)
Therefore, add an 'update_kernel_param' module parameter that will cause
it to set/unset the kernel command-line parameter using grubby when
enabling/disabling SELinux. (An explicit parameter was chosen for
backwards compatibility.)
More information:
https://lore.kernel.org/selinux/157836784986.560897.13893922675143903084.stgit@chester/
https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Add bindep.txt file for execution environments
This adds rsync to the bindep.txt file, which will ensure rsync is
installed as a dependency for execution environments.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Reviewed-by: None <None>
This adds rsync to the bindep.txt file, which will ensure rsync is
installed as a dependency for execution environments.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
authorized_key: add lookup.url example
SUMMARY
Add lookup.url example since using split_lines=False is not straightforward.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix.authorized_key
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: Simon Legner <Simon.Legner@gmail.com>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
Display warning message for masquerade and icmp-block-inversion
SUMMARY
Display warning message if the wrong parameter is set to masquerade or icmp-block-inversion
Fixes #249
It is a part of #249. Currently, the variable type of the above two parameters is str, but will be changed to bool in the future. As a starting point, this fix displays a warning message if a non-boolean value is specified.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
None
Reviewed-by: Andrew Klychkov <aaklychkov@mail.ru>
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
Modify version number to prepare next release 1.4.0
SUMMARY
Modify the version number to prepare next release.
1.3.0 => 1.4.0
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Reviewed-by: Andrew Klychkov <aaklychkov@mail.ru>
Reviewed-by: None <None>
Fix requires firewalld version in comments for permanent parameter.
SUMMARY
Version of firewalld seems to be wrong. 3.0.9 version of that package does not exist.
The latest release of firewalld: https://github.com/firewalld/firewalld/releases
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix.firewalld
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: Andrew Klychkov <aaklychkov@mail.ru>
Reviewed-by: None <None>
Properly quote Synchronize
SUMMARY
The synchronize action plugin and module were a bit sloppy when it came to the command-line parameter quoting and that caused failure on some systems (for example, on Fedora 34).
This commit makes sure any arguments with potentially problematic characters are quoted before being used.
Fixes #242
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
synchronize
Reviewed-by: Sergey <None>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
Update AZP config
SUMMARY
Fixes ansible-collections/overview#45
Fixes #236
DESCRIPTION
The following changes are for the devel version test sections:
Remove: fedora32
Remove: freebsd/11.4
Remove: rhel/8.3
Add: fedora34
Add: freebsd/13.0
Add: rhel/8.4
ISSUE TYPE
Test Pull Request
COMPONENT NAME
CI
Reviewed-by: Andrew Klychkov <aaklychkov@mail.ru>
Reviewed-by: None <None>
Fix: sysctl integration test - virtualization type
SUMMARY
sysctl integration tests inside docker are being skipped as the check ansible_facts.virtualization_type == 'docker' fails.
On debugging, ansible_facts.virtualization_type is being returned as "container".
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
sysctl
ADDITIONAL INFORMATION
Ansible Version
ansible [core 2.11.2]
Docker Version
Docker version 20.10.7, build f0df350
OS
Fedora 34
Actual Results
PLAY RECAP *********************************************************************
testhost : ok=1 changed=0 unreachable=0 failed=0 skipped=44 rescued=0 ignored=0
Likely this code is related: https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/facts/virtual/linux.py#L113
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Update README.md with ansible versions and release notes
SUMMARY
Update README.md with ansible versions and release notes:
Update ansible-core versions in the Tested with ansible section.
Change the Release notes section to use CHANGELOG.rst link.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
The synchronize action plugin and module were a bit sloppy when it
came to the command-line parameter quoting and that caused failure on
some systems (for example, on Fedora 34).
This commit makes sure any arguments with potentially problematic
characters are quoted before being used.
* Update ansible-core versions in the Tested with ansible section.
* Change the Release notes section to use CHANGELOG.rst link.
Signed-off-by: Hideki Saito <saito@fgrep.org>
Add new firewalld_info module to ansible.posix collection
SUMMARY
Add new firewalld_info module to ansible.posix collection.
Gathering information about firewalld zone settings
Fixes #98
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix.firewalld_info
ADDITIONAL INFORMATION
None
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Hideki Saito <saito@fgrep.org>