9bab144d06
sefcontext: add support for path substitutions (#5830)
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes #4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit
|
||
---|---|---|
.azure-pipelines | ||
.github | ||
.reuse | ||
changelogs | ||
docs/docsite | ||
LICENSES | ||
meta | ||
plugins | ||
tests | ||
.gitignore | ||
.pre-commit-config.yaml | ||
CHANGELOG.rst | ||
CHANGELOG.rst.license | ||
commit-rights.md | ||
CONTRIBUTING.md | ||
COPYING | ||
galaxy.yml | ||
README.md |
Community General Collection
This repository contains the community.general
Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.
You can find documentation for this collection on the Ansible docs site.
Please note that this collection does not support Windows targets. Only connection plugins included in this collection might support Windows targets, and will explicitly mention that in their documentation if they do so.
Code of Conduct
We follow Ansible Code of Conduct in all our interactions within this project.
If you encounter abusive behavior violating the Ansible Code of Conduct, please refer to the policy violations section of the Code of Conduct for information on how to raise a complaint.
Tested with Ansible
Tested with the current ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14 releases and the current development version of ansible-core. Ansible-core versions before 2.11.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
Parts of this collection will not work with ansible-core 2.11 on Python 3.12+.
External requirements
Some modules and plugins require external libraries. Please check the requirements for each plugin or module you use in the documentation to find out which requirements are needed.
Included content
Please check the included content on the Ansible Galaxy page for this collection or the documentation on the Ansible docs site.
Using this collection
This collection is shipped with the Ansible package. So if you have it installed, no more action is required.
If you have a minimal installation (only Ansible Core installed) or you want to use the latest version of the collection along with the whole Ansible package, you need to install the collection from Ansible Galaxy manually with the ansible-galaxy
command-line tool:
ansible-galaxy collection install community.general
You can also include it in a requirements.yml
file and install it via ansible-galaxy collection install -r requirements.yml
using the format:
collections:
- name: community.general
Note that if you install the collection manually, it will not be upgraded automatically when you upgrade the Ansible package. To upgrade the collection to the latest available version, run the following command:
ansible-galaxy collection install community.general --upgrade
You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax where X.Y.Z
can be any available version:
ansible-galaxy collection install community.general:==X.Y.Z
See Ansible Using collections for more details.
Contributing to this collection
The content of this collection is made by good people just like you, a community of individuals collaborating on making the world better through developing automation software.
We are actively accepting new contributors.
All types of contributions are very welcome.
You don't know how to start? Refer to our contribution guide!
The current maintainers are listed in the commit-rights.md file. If you have questions or need help, feel free to mention them in the proposals.
You can find more information in the developer guide for collections, and in the Ansible Community Guide.
Also for some notes specific to this collection see our CONTRIBUTING documentation.
Running tests
See here.
Collection maintenance
To learn how to maintain / become a maintainer of this collection, refer to:
It is necessary for maintainers of this collection to be subscribed to:
- The collection itself (the
Watch
button →All Activity
in the upper right corner of the repository's homepage). - The "Changes Impacting Collection Contributors and Maintainers" issue.
They also should be subscribed to Ansible's The Bullhorn newsletter.
Communication
We announce important development changes and releases through Ansible's The Bullhorn newsletter. If you are a collection developer, be sure you are subscribed.
Join us in the #ansible
(general use questions and support), #ansible-community
(community and collection development questions), and other IRC channels on Libera.chat.
We take part in the global quarterly Ansible Contributor Summit virtually or in-person. Track The Bullhorn newsletter and join us.
For more information about communities, meetings and agendas see Community Wiki.
For more information about communication, refer to Ansible's the Communication guide.
Publishing New Version
See the Releasing guidelines to learn how to release this collection.
Release notes
See the changelog.
Roadmap
In general, we plan to release a major version every six months, and minor versions every two months. Major versions can contain breaking changes, while minor versions only contain new features and bugfixes.
See this issue for information on releasing, versioning, and deprecation.
More information
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Community code of conduct
Licensing
This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.
See LICENSES/GPL-3.0-or-later.txt for the full text.
Parts of the collection are licensed under the BSD 2-Clause license, the MIT license, and the PSF 2.0 license.
All files have a machine readable SDPX-License-Identifier:
comment denoting its respective license(s) or an equivalent entry in an accompanying .license
file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in .reuse/dep5
. This conforms to the REUSE specification.