# STDOUT: ---v---v---v---v---v--- Using /etc/ansible/ansible.cfg as config file PLAY [Ensure the default is targeted, enforcing, without local modifications] *** TASK [Gathering Facts] ********************************************************* ok: [sut] TASK [Ensure SELinux tool semanage] ******************************************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Add a Linux System Roles SELinux User] *********************************** changed: [sut] => { "changed": true, "comment": "Linux System Roles SELinux User", "create_home": true, "group": 500, "home": "/home/sar-user", "name": "sar-user", "shell": "/bin/bash", "state": "present", "system": false, "uid": 500 } TASK [Add some mapping] ******************************************************** ok: [sut] => { "changed": false, "cmd": "set -euo pipefail\necho -e -n \"boolean -m --on samba_enable_home_dirs\nport -a -p tcp -t ssh_port_t 22100\nfcontext -a -t user_home_dir_t /tmp/test_dir\nlogin -a -s staff_u sar-user\n\" | /usr/sbin/semanage -i -", "delta": "0:00:29.151670", "end": "2022-05-05 06:09:27.958979", "rc": 0, "start": "2022-05-05 06:08:58.807309" } TASK [Backup original /etc/selinux/config] ************************************* changed: [sut] => { "changed": true, "checksum": "cab88436a995588a974c0bd5edd544fd419eab43", "dest": "/etc/selinux/config.test_selinux_disabled", "gid": 0, "group": "root", "md5sum": "91081ef6d958e79795d0255d7c374a56", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:selinux_config_t:s0", "size": 458, "src": "/etc/selinux/config", "state": "file", "uid": 0 } TASK [Upload testing /etc/selinux/config] ************************************** changed: [sut] => { "changed": true, "checksum": "385caf4e178c9a1dfcdaac71738934c735201480", "dest": "/etc/selinux/config", "gid": 0, "group": "root", "md5sum": "293160d55f3a26d5bc687154d028eb47", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:selinux_config_t:s0", "size": 547, "src": "/root/.ansible/tmp/ansible-tmp-1651730971.735518-10198-212078082408729/source", "state": "file", "uid": 0 } TASK [Switch to permissive to allow login when selinuxfs is not mounted] ******* ok: [sut] => { "changed": false, "cmd": [ "setenforce", "0" ], "delta": "0:00:00.083605", "end": "2022-05-05 06:09:36.696875", "rc": 0, "start": "2022-05-05 06:09:36.613270" } TASK [Get selinuxfs mountpoint] ************************************************ ok: [sut] => { "changed": false, "cmd": "findmnt -n -t selinuxfs --output=target", "delta": "0:00:00.004328", "end": "2022-05-05 06:09:37.765015", "rc": 0, "start": "2022-05-05 06:09:37.760687" } STDOUT: /selinux TASK [Umount /selinux to emulate SELinux disabled system # noqa 303] ********** ok: [sut] => { "changed": false, "cmd": [ "umount", "-l", "/selinux" ], "delta": "0:00:00.036232", "end": "2022-05-05 06:09:38.804466", "rc": 0, "start": "2022-05-05 06:09:38.768234" } TASK [include_role : linux-system-roles.selinux] ******************************* TASK [linux-system-roles.selinux : Set ansible_facts required by role and install packages] *** included: /WORKDIR/dist-git-selinux-benblasco_add_seuser_selevel-95dlfF/tests/roles/linux-system-roles.selinux/tasks/set_facts_packages.yml for sut TASK [linux-system-roles.selinux : Ensure ansible_facts used by role] ********** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Install SELinux python2 tools] ************** ok: [sut] => { "changed": false, "rc": 0, "results": [ "libselinux-python-2.0.94-7.el6.x86_64 providing libselinux-python is already installed", "policycoreutils-python-2.0.83-30.1.el6_8.x86_64 providing policycoreutils-python is already installed" ] } TASK [linux-system-roles.selinux : Install SELinux python3 tools] ************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : refresh facts] ****************************** ok: [sut] TASK [linux-system-roles.selinux : Install SELinux tool semanage] ************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Set permanent SELinux state if enabled] ***** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Set permanent SELinux state if disabled] **** changed: [sut] => { "changed": true, "configfile": "/etc/selinux/config", "policy": "targeted", "reboot_required": true, "state": "enforcing" } MSG: Config SELinux state changed from 'disabled' to 'enforcing' TASK [linux-system-roles.selinux : Set selinux_reboot_required] **************** ok: [sut] => { "ansible_facts": { "selinux_reboot_required": true }, "changed": false } TASK [linux-system-roles.selinux : Fail if reboot is required] ***************** fatal: [sut]: FAILED! => { "changed": false } MSG: Reboot is required to apply changes. Re-execute the role after boot. TASK [examine the selinux_reboot_required variable] **************************** ok: [sut] => { "ansible_facts": { "test_selinux_reboot_required": true }, "changed": false } TASK [check that the role has failed and set the correct variable] ************* ok: [sut] => { "changed": false } MSG: All assertions passed TASK [Mount /selinux back to system] ******************************************* ok: [sut] => { "changed": false, "cmd": [ "mount", "-t", "selinuxfs", "selinuxfs", "/selinux" ], "delta": "0:00:00.014023", "end": "2022-05-05 06:09:59.693686", "rc": 0, "start": "2022-05-05 06:09:59.679663" } TASK [Switch back to enforcing] ************************************************ ok: [sut] => { "changed": false, "cmd": [ "setenforce", "1" ], "delta": "0:00:00.028489", "end": "2022-05-05 06:10:00.622315", "rc": 0, "start": "2022-05-05 06:10:00.593826" } TASK [Gather facts again] ****************************************************** ok: [sut] TASK [Check SELinux config mode] *********************************************** ok: [sut] => { "changed": false } MSG: All assertions passed TASK [Restore original /etc/selinux/config] ************************************ changed: [sut] => { "changed": true, "checksum": "cab88436a995588a974c0bd5edd544fd419eab43", "dest": "/etc/selinux/config", "gid": 0, "group": "root", "md5sum": "91081ef6d958e79795d0255d7c374a56", "mode": "0644", "owner": "root", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 458, "src": "/etc/selinux/config.test_selinux_disabled", "state": "file", "uid": 0 } TASK [Remove /etc/selinux/config backup] *************************************** changed: [sut] => { "changed": true, "path": "/etc/selinux/config.test_selinux_disabled", "state": "absent" } TASK [Remove Linux System Roles SELinux User] ********************************** changed: [sut] => { "changed": true, "force": false, "name": "sar-user", "remove": true, "state": "absent" } TASK [include_role : linux-system-roles.selinux] ******************************* TASK [linux-system-roles.selinux : Set ansible_facts required by role and install packages] *** included: /WORKDIR/dist-git-selinux-benblasco_add_seuser_selevel-95dlfF/tests/roles/linux-system-roles.selinux/tasks/set_facts_packages.yml for sut TASK [linux-system-roles.selinux : Ensure ansible_facts used by role] ********** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Install SELinux python2 tools] ************** ok: [sut] => { "changed": false, "rc": 0, "results": [ "libselinux-python-2.0.94-7.el6.x86_64 providing libselinux-python is already installed", "policycoreutils-python-2.0.83-30.1.el6_8.x86_64 providing policycoreutils-python is already installed" ] } TASK [linux-system-roles.selinux : Install SELinux python3 tools] ************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : refresh facts] ****************************** ok: [sut] TASK [linux-system-roles.selinux : Install SELinux tool semanage] ************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Set permanent SELinux state if enabled] ***** ok: [sut] => { "changed": false, "configfile": "/etc/selinux/config", "policy": "targeted", "reboot_required": false, "state": "enforcing" } TASK [linux-system-roles.selinux : Set permanent SELinux state if disabled] **** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Set selinux_reboot_required] **************** ok: [sut] => { "ansible_facts": { "selinux_reboot_required": false }, "changed": false } TASK [linux-system-roles.selinux : Fail if reboot is required] ***************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Warn if SELinux is disabled] **************** skipping: [sut] => {} TASK [linux-system-roles.selinux : Drop all local modifications] *************** changed: [sut] => { "changed": true, "cmd": [ "/usr/sbin/semanage", "-i", "-" ], "delta": "0:00:27.635476", "end": "2022-05-05 06:10:37.964904", "rc": 0, "start": "2022-05-05 06:10:10.329428" } TASK [linux-system-roles.selinux : Purge all SELinux boolean local modifications] *** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Purge all SELinux file context local modifications] *** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Purge all SELinux port local modifications] *** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Purge all SELinux login local modifications] *** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.selinux : Set SELinux booleans] *********************** TASK [linux-system-roles.selinux : Set SELinux file contexts] ****************** TASK [linux-system-roles.selinux : Restore SELinux labels on filesystem tree] *** TASK [linux-system-roles.selinux : Restore SELinux labels on filesystem tree in check mode] *** TASK [linux-system-roles.selinux : Set an SELinux label on a port] ************* TASK [linux-system-roles.selinux : Set linux user to SELinux user mapping] ***** TASK [linux-system-roles.selinux : Get SELinux modules facts] ****************** ok: [sut] => { "ansible_facts": { "selinux_installed_modules": { "abrt": { "0": "enabled" }, "accountsd": { "0": "enabled" }, "ada": { "0": "enabled" }, "afs": { "0": "enabled" }, "aiccu": { "0": "enabled" }, "aide": { "0": "enabled" }, "amanda": { "0": "enabled" }, "amtu": { "0": "enabled" }, "antivirus": { "0": "enabled" }, "apache": { "0": "enabled" }, "apcupsd": { "0": "enabled" }, "arpwatch": { "0": "enabled" }, "asterisk": { "0": "enabled" }, "audioentropy": { "0": "enabled" }, "automount": { "0": "enabled" }, "avahi": { "0": "enabled" }, "awstats": { "0": "enabled" }, "bacula": { "0": "enabled" }, "bcfg2": { "0": "enabled" }, "bind": { "0": "enabled" }, "bitlbee": { "0": "enabled" }, "bluetooth": { "0": "enabled" }, "boinc": { "0": "enabled" }, "bugzilla": { "0": "enabled" }, "cachefilesd": { "0": "enabled" }, "calamaris": { "0": "enabled" }, "canna": { "0": "enabled" }, "ccs": { "0": "enabled" }, "cdrecord": { "0": "enabled" }, "certmaster": { "0": "enabled" }, "certmonger": { "0": "enabled" }, "certwatch": { "0": "enabled" }, "cfengine": { "0": "enabled" }, "cgroup": { "0": "enabled" }, "chrome": { "0": "enabled" }, "chronyd": { "0": "enabled" }, "cinder": { "0": "enabled" }, "cipe": { "0": "enabled" }, "clogd": { "0": "enabled" }, "cloudform": { "0": "enabled" }, "cmirrord": { "0": "enabled" }, "cobbler": { "0": "enabled" }, "collectd": { "0": "enabled" }, "comsat": { "0": "enabled" }, "condor": { "0": "enabled" }, "conman": { "0": "enabled" }, "consolekit": { "0": "enabled" }, "courier": { "0": "enabled" }, "cpufreqselector": { "0": "enabled" }, "ctdbd": { "0": "enabled" }, "cups": { "0": "enabled" }, "cvs": { "0": "enabled" }, "cyphesis": { "0": "enabled" }, "cyrus": { "0": "enabled" }, "daemontools": { "0": "enabled" }, "dbskk": { "0": "enabled" }, "dcc": { "0": "enabled" }, "ddclient": { "0": "enabled" }, "denyhosts": { "0": "enabled" }, "devicekit": { "0": "enabled" }, "dhcp": { "0": "enabled" }, "dictd": { "0": "enabled" }, "dirsrv": { "0": "enabled" }, "dirsrv-admin": { "0": "enabled" }, "dnsmasq": { "0": "enabled" }, "dovecot": { "0": "enabled" }, "drbd": { "0": "enabled" }, "dspam": { "0": "enabled" }, "ethereal": { "0": "enabled" }, "execmem": { "0": "enabled" }, "exim": { "0": "enabled" }, "fail2ban": { "0": "enabled" }, "fcoemon": { "0": "enabled" }, "fetchmail": { "0": "enabled" }, "finger": { "0": "enabled" }, "firewallgui": { "0": "enabled" }, "fprintd": { "0": "enabled" }, "freeipmi": { "0": "enabled" }, "ftp": { "0": "enabled" }, "games": { "0": "enabled" }, "git": { "0": "enabled" }, "gitosis": { "0": "enabled" }, "glance": { "0": "enabled" }, "glusterd": { "0": "enabled" }, "gnome": { "0": "enabled" }, "gnomeclock": { "0": "enabled" }, "gpg": { "0": "enabled" }, "gpm": { "0": "enabled" }, "gpsd": { "0": "enabled" }, "guest": { "0": "enabled" }, "hal": { "0": "enabled" }, "hddtemp": { "0": "enabled" }, "howl": { "0": "enabled" }, "hypervkvp": { "0": "enabled" }, "icecast": { "0": "enabled" }, "inn": { "0": "enabled" }, "ipsec": { "0": "enabled" }, "irc": { "0": "enabled" }, "iscsi": { "0": "enabled" }, "isns": { "0": "enabled" }, "jabber": { "0": "enabled" }, "java": { "0": "enabled" }, "kdump": { "0": "enabled" }, "kdumpgui": { "0": "enabled" }, "keepalived": { "0": "enabled" }, "kerberos": { "0": "enabled" }, "kerneloops": { "0": "enabled" }, "keystone": { "0": "enabled" }, "kismet": { "0": "enabled" }, "ksmtuned": { "0": "enabled" }, "ktalk": { "0": "enabled" }, "l2tpd": { "0": "enabled" }, "ldap": { "0": "enabled" }, "likewise": { "0": "enabled" }, "linuxptp": { "0": "enabled" }, "lircd": { "0": "enabled" }, "livecd": { "0": "enabled" }, "lldpad": { "0": "enabled" }, "lockdev": { "0": "enabled" }, "logadm": { "0": "enabled" }, "lpd": { "0": "enabled" }, "lsm": { "0": "enabled" }, "mailman": { "0": "enabled" }, "matahari": { "0": "enabled" }, "mediawiki": { "0": "enabled" }, "memcached": { "0": "enabled" }, "milter": { "0": "enabled" }, "mip6d": { "0": "enabled" }, "mirrormanager": { "0": "enabled" }, "modemmanager": { "0": "enabled" }, "mono": { "0": "enabled" }, "mozilla": { "0": "enabled" }, "mpd": { "0": "enabled" }, "mplayer": { "0": "enabled" }, "mrtg": { "0": "enabled" }, "munin": { "0": "enabled" }, "mysql": { "0": "enabled" }, "nagios": { "0": "enabled" }, "namespace": { "0": "enabled" }, "ncftool": { "0": "enabled" }, "netlabel": { "0": "enabled" }, "nis": { "0": "enabled" }, "nova": { "0": "enabled" }, "nslcd": { "0": "enabled" }, "nsplugin": { "0": "enabled" }, "ntop": { "0": "enabled" }, "ntp": { "0": "enabled" }, "numad": { "0": "enabled" }, "nut": { "0": "enabled" }, "nx": { "0": "enabled" }, "oddjob": { "0": "enabled" }, "openct": { "0": "enabled" }, "openhpid": { "0": "enabled" }, "openoffice": { "0": "enabled" }, "openshift": { "0": "enabled" }, "openshift-origin": { "0": "enabled" }, "openvpn": { "0": "enabled" }, "openvswitch": { "0": "enabled" }, "openwsman": { "0": "enabled" }, "oracleasm": { "0": "enabled" }, "osad": { "0": "enabled" }, "pads": { "0": "enabled" }, "passenger": { "0": "enabled" }, "pcp": { "0": "enabled" }, "pcscd": { "0": "enabled" }, "pegasus": { "0": "enabled" }, "permissivedomains": { "0": "enabled" }, "pingd": { "0": "enabled" }, "piranha": { "0": "enabled" }, "pkcsslotd": { "0": "enabled" }, "plymouthd": { "0": "enabled" }, "podsleuth": { "0": "enabled" }, "policykit": { "0": "enabled" }, "portmap": { "0": "enabled" }, "portreserve": { "0": "enabled" }, "postfix": { "0": "enabled" }, "postgresql": { "0": "enabled" }, "postgrey": { "0": "enabled" }, "ppp": { "0": "enabled" }, "prelude": { "0": "enabled" }, "privoxy": { "0": "enabled" }, "procmail": { "0": "enabled" }, "psad": { "0": "enabled" }, "ptchown": { "0": "enabled" }, "publicfile": { "0": "enabled" }, "pulseaudio": { "0": "enabled" }, "puppet": { "0": "enabled" }, "pyzor": { "0": "enabled" }, "qemu": { "0": "enabled" }, "qmail": { "0": "enabled" }, "qpidd": { "0": "enabled" }, "quantum": { "0": "enabled" }, "radius": { "0": "enabled" }, "radvd": { "0": "enabled" }, "razor": { "0": "enabled" }, "rdisc": { "0": "enabled" }, "redis": { "0": "enabled" }, "remotelogin": { "0": "enabled" }, "rhcs": { "0": "enabled" }, "rhev": { "0": "enabled" }, "rhgb": { "0": "enabled" }, "rhnsd": { "0": "enabled" }, "rhsmcertd": { "0": "enabled" }, "rhts": { "0": "enabled" }, "ricci": { "0": "enabled" }, "rlogin": { "0": "enabled" }, "roundup": { "0": "enabled" }, "rpcbind": { "0": "enabled" }, "rshd": { "0": "enabled" }, "rssh": { "0": "enabled" }, "rsync": { "0": "enabled" }, "rtas": { "0": "enabled" }, "rtkit": { "0": "enabled" }, "rwho": { "0": "enabled" }, "samba": { "0": "enabled" }, "sambagui": { "0": "enabled" }, "sandbox": { "0": "enabled" }, "sanlock": { "0": "enabled" }, "sasl": { "0": "enabled" }, "sblim": { "0": "enabled" }, "screen": { "0": "enabled" }, "sectoolm": { "0": "enabled" }, "sensord": { "0": "enabled" }, "seunshare": { "0": "enabled" }, "sge": { "0": "enabled" }, "shutdown": { "0": "enabled" }, "slocate": { "0": "enabled" }, "slpd": { "0": "enabled" }, "smartmon": { "0": "enabled" }, "smokeping": { "0": "enabled" }, "smoltclient": { "0": "enabled" }, "smstools": { "0": "enabled" }, "snmp": { "0": "enabled" }, "snort": { "0": "enabled" }, "sosreport": { "0": "enabled" }, "soundserver": { "0": "enabled" }, "spamassassin": { "0": "enabled" }, "squid": { "0": "enabled" }, "sssd": { "0": "enabled" }, "staff": { "0": "enabled" }, "stapserver": { "0": "enabled" }, "stunnel": { "0": "enabled" }, "svnserve": { "0": "enabled" }, "swift": { "0": "enabled" }, "sysadm_secadm": { "0": "enabled" }, "sysstat": { "0": "enabled" }, "tcpd": { "0": "enabled" }, "telepathy": { "0": "enabled" }, "telnet": { "0": "enabled" }, "tftp": { "0": "enabled" }, "tgtd": { "0": "enabled" }, "tmpreaper": { "0": "enabled" }, "tomcat": { "0": "enabled" }, "tor": { "0": "enabled" }, "tuned": { "0": "enabled" }, "tvtime": { "0": "enabled" }, "ulogd": { "0": "enabled" }, "uml": { "0": "enabled" }, "unconfined": { "0": "enabled" }, "unconfineduser": { "0": "enabled" }, "unlabelednet": { "0": "enabled" }, "unprivuser": { "0": "enabled" }, "usbmodules": { "0": "enabled" }, "usbmuxd": { "0": "enabled" }, "userhelper": { "0": "enabled" }, "usernetctl": { "0": "enabled" }, "uucp": { "0": "enabled" }, "uuidd": { "0": "enabled" }, "varnishd": { "0": "enabled" }, "vdagent": { "0": "enabled" }, "vhostmd": { "0": "enabled" }, "virt": { "0": "enabled" }, "vmware": { "0": "enabled" }, "vpn": { "0": "enabled" }, "w3c": { "0": "enabled" }, "watchdog": { "0": "enabled" }, "wdmd": { "0": "enabled" }, "webadm": { "0": "enabled" }, "webalizer": { "0": "enabled" }, "wine": { "0": "enabled" }, "xen": { "0": "enabled" }, "xfs": { "0": "enabled" }, "xguest": { "0": "enabled" }, "zabbix": { "0": "enabled" }, "zarafa": { "0": "enabled" }, "zebra": { "0": "enabled" }, "zosremote": { "0": "enabled" } }, "selinux_priorities": false }, "changed": false } TASK [linux-system-roles.selinux : include_tasks] ****************************** skipping: [sut] => { "changed": false, "skip_reason": "Conditional result was False" } RUNNING HANDLER [linux-system-roles.selinux : Reload SELinux policy] *********** changed: [sut] => { "changed": true, "cmd": [ "semodule", "-R" ], "delta": "0:00:02.071200", "end": "2022-05-05 06:10:41.818592", "rc": 0, "start": "2022-05-05 06:10:39.747392" } RUNNING HANDLER [linux-system-roles.selinux : Reload SELinux policy] *********** changed: [sut] => { "changed": true, "cmd": [ "semodule", "-R" ], "delta": "0:00:02.098676", "end": "2022-05-05 06:10:44.236861", "rc": 0, "start": "2022-05-05 06:10:42.138185" } PLAY RECAP ********************************************************************* sut : ok=31 changed=10 unreachable=0 failed=0 skipped=22 rescued=1 ignored=0 ---^---^---^---^---^--- # STDERR: ---v---v---v---v---v--- [WARNING]: Reboot is required to set SELinux state to 'enforcing' [WARNING]: Consider using the mount module rather than running 'mount'. If you need to use command because mount is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. ---^---^---^---^---^---