From 579a3f0ad9c450e2ce69b58ad72d13171633e31d Mon Sep 17 00:00:00 2001
From: Carson Dunbar
Date: Wed, 16 Oct 2024 16:05:22 +0000
Subject: [PATCH] Updating selinux role to get around selinux module incompatibilities
---
 ansible/roles/selinux/tasks/main.yml | 30 +++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/ansible/roles/selinux/tasks/main.yml b/ansible/roles/selinux/tasks/main.yml
index 5239dce2..0d668949 100644
--- a/ansible/roles/selinux/tasks/main.yml
+++ b/ansible/roles/selinux/tasks/main.yml
@@ -14,14 +14,26 @@
 # limitations under the License.
 
 - block:
- - name: Disable SELinux
- selinux:
- configfile: '{{selinux_conf}}'
- state: disabled
- policy: targeted
- register: status
+ - name: Check SELinux
+ stat:
+ path: "{{ selinux_conf }}"
+ register: stat_result
 
- - name: Reboot
- reboot:
- when: status.reboot_required and reboot
+ - block:
+ - name: Ensure SELinux is set to disabled mode
+ ansible.builtin.lineinfile:
+ path: "{{ selinux_conf }}"
+ regexp: '^SELINUX='
+ line: SELINUX=disabled
+
+ - name: Ensure SELinux is set to targeted mode
+ ansible.builtin.lineinfile:
+ path: "{{ selinux_conf }}"
+ regexp: '^SELINUXTYPE='
+ line: SELINUXTYPE=targeted
+
+ - name: Reboot
+ reboot:
+ when: reboot
+ when: stat_result.stat.exists
 when: ansible_os_family == "RedHat"
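Review bot: The `Reboot` task in the new inner block is gated only by `when: reboot`, so with `reboot` set the host restarts on every run of the role, even when neither `lineinfile` task changed the file; the removed `selinux` module call supplied `status.reboot_required` for exactly this. Register the two edits (`register: selinux_mode`, `register: selinux_type`) and use `when: reboot and (selinux_mode.changed or selinux_type.changed)`. When the `stat` check finds no config file the whole inner block is skipped silently, so a host can keep whatever SELinux state it had without the play reporting it; a `debug` or `fail` task on that branch would make the outcome visible. Since the role writes `SELINUX=disabled`, which removes policy enforcement and with it denial logging once the host reboots, it is worth confirming that `permissive` would not meet the same need.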