Hi,
This command:
create the httpd.conf file with wrong security contexts.
unconfined_u:object_r:admin_home_t:s0 httpd.conf
I am using a version from git.
Thanks,
Filip
Check and see if you have libselinux-python installed please and let us know what version of Ansbile you are using.
We need to increase error handling (i.e. not continuing to manage files until it is installed) when libselinux-python is missing.
Nope libselinux-python is not installed on the node.
Version is latest from the git.
Filip
that is required on targets for selinux related functions to work.
I have added libselinux-python and it works.
Thanks
Yeah, great.
I am going to look into making this raise proper errors and when not installed on the remotes (and all you to therefore install it).
Thanks!
so for those who know selinux better than I and/or have systems to test, I’m floating the following patch:
diff --git a/lib/ansible/module_common.py b/lib/ansible/module_common.py
index d61e2aa…1bdbc9e 100644
— a/lib/ansible/module_common.py
+++ b/lib/ansible/module_common.py
@@ -265,6 +265,11 @@ class AnsibleModule(object):
def selinux_enabled(self):
if not HAVE_SELINUX:
This seems sufficient for me, it would only cause failures for things about to do something SELinuxey*
fn 1) For those unaware, AC/DC’s “for those about rock” was originally titled “for those about to do something SELinuxey”.
An alternative to sestatus is to call selinuxenabled. If selinux is
enabled, it exits with rc 0. Otherwise, it exits with rc 1. The man page
selinuxenabled(1) describes it as a 'tool to be used within shell scripts
to determine if selinux is enabled'.
I think this would be preferable to parsing output from sestatus, which I
know has 'evolved' over time. 
Regards,
sf
Looks much better, will patch patch.
Brian Coca