diff --git a/test/integration/targets/seboolean/aliases b/test/integration/targets/seboolean/aliases new file mode 100644 index 0000000000..53b32510a0 --- /dev/null +++ b/test/integration/targets/seboolean/aliases @@ -0,0 +1,2 @@ +needs/root +posix/ci/group2 diff --git a/test/integration/targets/seboolean/tasks/main.yml b/test/integration/targets/seboolean/tasks/main.yml new file mode 100644 index 0000000000..df21691c37 --- /dev/null +++ b/test/integration/targets/seboolean/tasks/main.yml @@ -0,0 +1,22 @@ +# (c) 2017, Martin Krizek + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- include: seboolean.yml + when: + - ansible_selinux is defined + - ansible_selinux != False + - ansible_selinux.status == 'enabled' diff --git a/test/integration/targets/seboolean/tasks/seboolean.yml b/test/integration/targets/seboolean/tasks/seboolean.yml new file mode 100644 index 0000000000..904637ca67 --- /dev/null +++ b/test/integration/targets/seboolean/tasks/seboolean.yml @@ -0,0 +1,74 @@ +# (c) 2017, Martin Krizek + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- name: Cleanup + shell: setsebool -P httpd_can_network_connect 0 +########################################################################################## +- name: set flag and don't keep it persistent + seboolean: + name: httpd_can_network_connect + state: yes + register: output + +- name: get getsebool output + shell: semanage boolean -l | grep 'httpd_can_network_connect\W' + register: getsebool_output + +- name: check output + assert: + that: + - output|changed + - not output|failed + - output.name == 'httpd_can_network_connect' + - getsebool_output.stdout.startswith('httpd_can_network_connect (on , off)') +########################################################################################## +- name: unset flag + seboolean: + name: httpd_can_network_connect + state: no + +- name: get getsebool output + shell: semanage boolean -l | grep 'httpd_can_network_connect\W' + register: getsebool_output + +- name: check output + assert: + that: + - output|changed + - not output|failed + - output.name == 'httpd_can_network_connect' + - getsebool_output.stdout.startswith('httpd_can_network_connect (off , off)') +########################################################################################## +- name: set flag and keep it persistent + seboolean: + name: httpd_can_network_connect + state: yes + persistent: yes + register: output + +- name: get getsebool output + shell: semanage boolean -l | grep 'httpd_can_network_connect\W' + register: getsebool_output + +- name: check output + assert: + that: + - output|changed + - not output|failed + - output.name == 'httpd_can_network_connect' + - getsebool_output.stdout.startswith('httpd_can_network_connect (on , on)') +##########################################################################################