fix(googleauth): use semanage instead of salt module
selinux.fcontext_policy_present only works once; if the policy is
already present, the salt state errors. Add an unless statement to
check if the policy is already in place.

Error:
  ----------
            ID: users_googleauth_selinux_present
      Function: selinux.fcontext_policy_present
          Name: /etc/google_authenticator.d(/.*)?
        Result: False
       Comment: Error adding new rule: {'pid': 10389, 'retcode': 1, 'stdout': '', 'stderr': 'ValueError: File context for /etc/google_authenticator.d(/.*)? already defined'}
       Started: 07:14:38.736705
      Duration: 609.271 ms
       Changes:
opserve-menno committed May 12, 2023
1 parent a8bdbf2 commit 1022581
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions users/googleauth.sls
Expand Up @@ -46,6 +46,7 @@ users_googleauth_selinux_present:
- sel_user: unconfined_u
- sel_type: ssh_home_t
- sel_level: s0
- unless: "semanage fcontext -l | grep '{{ users.googleauth_dir }}(/.*)?' | grep ssh_home_t"
- require:
- pkg: policycoreutils-package
{%- endif %}
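Review bot: The guard on the added `unless` line matches the path with plain `grep`, so the `.` in the directory name and the `.*` act as wildcards while `(`, `)` and `?` are taken literally; it matches today's `semanage fcontext -l` output, but only loosely. Use `grep -F` for the path so it is compared as a fixed string. The second `grep ssh_home_t` also means that a path already defined with a different type makes `unless` return non-zero, so the state runs and hits the same "already defined" error quoted in the commit message; if that case matters, check for the path alone or handle a type change separately. Since the rule this state adds is a local customization, `semanage fcontext -l -C` would narrow the listing to local rules and avoid matching a rule shipped by the base policy. The commit title says "use semanage instead of salt module", but the state shown still goes through the salt function and only gains a guard, so the title should be reworded to match.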