mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
9bab144d06
sefcontext: add support for path substitutions (#5830)
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes #4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| .keep | ||
| 6.4.0.yml | ||
| 5431-nmcli-wifi.yml | ||
| 5615-zypper-transactional-update.yml | ||
| 5814-support-keycloak-subgroups.yml | ||
| 5829-fix-yarn-global.yml | ||
| 5830-sefcontext-path-subs.yml | ||
| 5863-providerType-defaulted-keycloak_userfed-mappers.yml | ||
| 5866-lxd_container-diff-and-check-mode.yml | ||
| 5899-adding-enablesecureboot-functionality-to-redfish-config.yml | ||
| 5900-adding-verifybiosattribute-fucntionality-to-redfish-command.yml | ||
| 5915-suppress-urllib3-insecure-request-warnings.yml | ||
| 5925-align_gitlab_runner_access_level_default_with_gitlab.yml | ||
| 5926-flatpak-remote-enabled.yml | ||
| 5927-set-user-agent-dnsimple.yml | ||
| 5928-fix-favicon-url.yml | ||
| 5933-linting.yml | ||
| 5934-fix-keycloak-sanitize_cr.yml | ||
| 5942-onepassword-ignore-errors-from-op-account-get.yml | ||
| 5943-zfs_delegate_admin-fix-zfs-allow-cannot-parse-unknown-uid-gid.yml | ||
| 5972-cloudflare-dns-srv-record.yml | ||
| 5994-github-webhook-secret.yml | ||
| 6011-osx-defaults-errors.yml | ||
| 6034-lxd-tls.yml | ||
| 6043-jc_plugin_parser_support.yml | ||
| 6048-nmcli-addres-order.yml | ||
| 6074-loader_in_listify.yml.yml | ||
| remove-unneeded-imports.yml | ||