f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
678 B
678 B
---id: V-72039 status: implemented - red hat only tag: lsm ---
The tasks in the security role examine the SELinux contexts on each device file found on the system. Any devices without appropriate labels are printed in the Ansible output.
Deployers should investigate the unlabeled devices and ensure that the correct labels are applied for the class of device.
Note
This change applies only to CentOS or Red Hat Enterprise Linux systems since they rely on SELinux as their default Linux Security Module (LSM). Ubuntu, openSUSE Leap and SUSE Linux Enterprise systems use AppArmor, which uses policy files rather than labels applied to individual files.