Check apparmor_status output
This patch adds a check for the output of `apparmor_status` to get a more accurate state of AppArmor's status. This should fix idempotency issues that are plaguing the gate jobs. Closes-Bug: 1715223 Change-Id: I10bb3212a3cc26ed27aa38cdc2e42ece722a6497
This commit is contained in:
Major Hayden
parent
9c21000834
commit
75c06173c7
|
|
@ -13,11 +13,12 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Check if AppArmor is disabled at boot time
|
||||
shell: "dmesg | grep -i apparmor || true"
|
||||
register: dmesg_apparmor_output
|
||||
changed_when: False
|
||||
- name: Check apparmor_status output
|
||||
command: apparmor_status
|
||||
register: apparmor_status_output
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
when:
|
||||
- ansible_pkg_mgr in ['apt', 'zypper']
|
||||
tags:
|
||||
|
|
@ -48,8 +49,6 @@
|
|||
when:
|
||||
- ansible_pkg_mgr in ['apt', 'zypper']
|
||||
- security_rhel7_enable_linux_security_module | bool
|
||||
- not check_mode
|
||||
- '"AppArmor disabled by boot time parameter" not in dmesg_apparmor_output.stdout'
|
||||
tags:
|
||||
- high
|
||||
- V-71989
|
||||
|
|
@ -67,7 +66,7 @@
|
|||
- ansible_pkg_mgr in ['apt', 'zypper']
|
||||
- security_rhel7_enable_linux_security_module | bool
|
||||
- not check_mode
|
||||
- '"AppArmor disabled by boot time parameter" not in dmesg_apparmor_output.stdout'
|
||||
- '"apparmor filesystem is not mounted" not in apparmor_status_output.stderr'
|
||||
tags:
|
||||
- high
|
||||
- V-71989
|
||||
|
|
|
|||
Loading…
Reference in New Issue