ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Ported over #7158 to support SELinux context switches.

Browse source
This commit is contained in:
Florian Apolloner 2015-09-17 14:59:22 +02:00
commit d9f873495e
4 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/ansible/constants.py
View file

@ -173,6 +173,7 @@ DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE
# Become
BECOME_ERROR_STRINGS = {'sudo': 'Sorry, try again.', 'su': 'Authentication failure', 'pbrun': '', 'pfexec': '', 'runas': '', 'doas': 'Permission denied'} #FIXME: deal with i18n
BECOME_METHODS = ['sudo','su','pbrun','pfexec','runas','doas']
BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, boolean=True)
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD','sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo' ).lower()
DEFAULT_BECOME = get_config(p, 'privilege_escalation', 'become', 'ANSIBLE_BECOME',False, boolean=True)
DEFAULT_BECOME_USER = get_config(p, 'privilege_escalation', 'become_user', 'ANSIBLE_BECOME_USER', 'root')

4
lib/ansible/plugins/action/__init__.py
View file

@ -453,7 +453,9 @@ class ActionBase:
self._display.debug("no command, exiting _low_level_execute_command()")
return dict(stdout='', stderr='')
if sudoable and self._play_context.become and self._play_context.become_user != self._play_context.remote_user:
allow_same_user = C.BECOME_ALLOW_SAME_USER
same_user = self._play_context.become_user == self._play_context.remote_user
if sudoable and self._play_context.become and (allow_same_user or not same_user):
self._display.debug("using become for this command")
cmd = self._play_context.make_become_cmd(cmd, executable=executable)