f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
20 lines
678 B
ReStructuredText
20 lines
678 B
ReStructuredText
---
|
|
id: V-72039
|
|
status: implemented - red hat only
|
|
tag: lsm
|
|
---
|
|
|
|
The tasks in the security role examine the SELinux contexts on each device file
|
|
found on the system. Any devices without appropriate labels are printed in
|
|
the Ansible output.
|
|
|
|
Deployers should investigate the unlabeled devices and ensure that the correct
|
|
labels are applied for the class of device.
|
|
|
|
.. note::
|
|
|
|
This change applies only to CentOS or Red Hat Enterprise Linux systems
|
|
since they rely on SELinux as their default Linux Security Module (LSM).
|
|
Ubuntu, openSUSE Leap and SUSE Linux Enterprise systems use AppArmor, which
|
|
uses policy files rather than labels applied to individual files.
|