From ad9c25a54f6792f9246a0edf86b2c6cb1b96421e Mon Sep 17 00:00:00 2001
From: Evan Kaufman <evan@digitalflophouse.com>
Date: Sat, 24 Dec 2016 18:57:13 -0800
Subject: [PATCH] Apply SELinux context only if cron_file param exists

Use selinux calls in module_utils/basic instead of native selinux bindings

Fixes #18768
---
 lib/ansible/modules/system/cron.py | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/lib/ansible/modules/system/cron.py b/lib/ansible/modules/system/cron.py
index 6e87147f39..764f19362f 100644
--- a/lib/ansible/modules/system/cron.py
+++ b/lib/ansible/modules/system/cron.py
@@ -237,12 +237,6 @@ import tempfile
 import platform
 import pipes
 
-try:
-    import selinux
-    HAS_SELINUX = True
-except ImportError:
-    HAS_SELINUX = False
-
 CRONCMD = "/usr/bin/crontab"
 
 class CronTabError(Exception):
@@ -345,8 +339,8 @@ class CronTab(object):
                 self.module.fail_json(msg=err)
 
         # set SELinux permissions
-        if HAS_SELINUX:
-            selinux.selinux_lsetfilecon_default(self.cron_file)
+        if self.module.selinux_enabled() and self.cron_file:
+            self.module.set_default_selinux_context(self.cron_file, False)
 
     def do_comment(self, name):
         return "%s%s" % (self.ansible, name)