Skip to content

Commit 35ab929

Browse files
berndfingerberndfinger
authored
Merge pull request #1036 from berndfinger/issue-1034-selinux-kernel-command-line-rhel-10
sap_general_preconfigure: Solve issue #1034
2 parents 2ad5941 + 05221da commit 35ab929

File tree

1 file changed

+6
-8
lines changed

1 file changed

+6
-8
lines changed

roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -43,12 +43,10 @@
4343
changed_when: false
4444
when: __sap_general_preconfigure_fact_selinux_mode != sap_general_preconfigure_selinux_state
4545

46-
- name: Set or unset SELinux kernel parameter, RHEL 8 and RHEL 9
46+
- name: Set or unset SELinux kernel parameter, RHEL >= 8
4747
when:
4848
- ansible_os_family == 'RedHat'
49-
- ( ansible_distribution_major_version == '8' or
50-
ansible_distribution_major_version == '9'
51-
)
49+
- ansible_distribution_major_version | int >= 8
5250
block:
5351

5452
- name: SELinux - Examine grub entries
@@ -57,7 +55,7 @@
5755
check_mode: false
5856
changed_when: false
5957

60-
- name: Disable SELinux on the kernel command line, RHEL 8 and RHEL 9
58+
- name: Disable SELinux on the kernel command line, RHEL >= 8
6159
when:
6260
- sap_general_preconfigure_selinux_state == 'disabled'
6361
- __sap_general_preconfigure_register_grubby_info_all_selinux.stdout.split(' ').1 !=
@@ -67,7 +65,7 @@
6765
# If the number of grub entries for args is different from the number of grub entries with "selinux=0",
6866
# we know that at least one grub entry is missing "selinux=0", so we make sure that all grub entries
6967
# contain "selinux=0"
70-
- name: Disable SELinux also on the kernel command line, RHEL 8 and RHEL 9
68+
- name: Disable SELinux also on the kernel command line, RHEL >= 8
7169
ansible.builtin.command: grubby --args="selinux=0" --update-kernel=ALL
7270
notify: __sap_general_preconfigure_reboot_handler
7371
changed_when: true
@@ -77,7 +75,7 @@
7775
ansible.builtin.set_fact:
7876
sap_general_preconfigure_fact_reboot_required: true
7977

80-
- name: Enable SELinux on the kernel command line, RHEL 8 and RHEL 9
78+
- name: Enable SELinux on the kernel command line, RHEL >= 8
8179
when:
8280
- sap_general_preconfigure_selinux_state == 'enforcing' or
8381
sap_general_preconfigure_selinux_state == 'permissive'
@@ -86,7 +84,7 @@
8684

8785
# If the number of grub entries for args with "selinux=0" is not 0, we know that there is at least
8886
# one grub entry with "selinux=0", so we make sure that no grub entry contains "selinux=0"
89-
- name: Make sure SELinux is not disabled on the kernel command line, RHEL 8 and RHEL 9
87+
- name: Make sure SELinux is not disabled on the kernel command line, RHEL >= 8
9088
ansible.builtin.command: grubby --remove-args="selinux" --update-kernel=ALL
9189
notify: __sap_general_preconfigure_reboot_handler
9290
changed_when: true

0 commit comments

Comments
 (0)