Hi @rumch-se. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

Hello @marcusburghardt
1/
According to this link https://docs.ansible.com/ansible/latest/collections/ansible/posix/seboolean_module.html
some packages are required
+++
The below requirements are needed on the host that executes this module.

libselinux-python
libsemanage-python
python3-libsemanage

+++
and SLE does not have these packages / instead it uses packages with different names. Because of that I added some additional block to install packages related to SUSE. The installation only of the package policycoreutils is not enough on SLE.

2/
In the current SUSE's profiles there is no rule/recommendation which covers the installation of packages related to SELinux. Do you know if there is a template which covers this - because the proposed change is related to the template - i.e. to set some bool values we have to cover the requirements about the installation of necessary packages.

3/
I did not change the bash template in the way to check if SELinux is enabled, but this check make sense. Any advice how to be done.

Have a nice day
Rumen

Hello @marcusburghardt

I have the following question. Will this PR be merged into the planed new release ?

Have a nice day
Rumen

Hello @marcusburghardt

I have the following question. Will this PR be merged into the planed new release ?

Have a nice day Rumen

Hi @rumch-se , thanks for pining me. I will try to review it again until tomorrow. Since the stabilization phase for 0.1.71 is already happening, it should be part of 0.1.72.

Hello @marcusburghardt
With my last commit I implemented all proposed changes without only the code block at the bottom of the ansible template. The main reasons for that

• We have 2 different names of the tasks are different because of SEBOOL_BOOL
• We have 2 different states of the tasks and before the second state we have definition of variable after the else
• (xccdf-var var_{{{ SEBOOLID }}})
  If I use jinja macros I have to set TASK_NAME, but for the set of STATE_NAME I have to define a variable before that .. and in for the 1st state we have "{{{ SEBOOL_BOOL }}}" , while for the second we have "{{ var_{{{ SEBOOLID }}} }}" where before we have to define (xccdf-var var_{{{ SEBOOLID }}}). I don't know how to manage this part

Have a nice day
Rumen

• before we have to define (xccdf-var var_{{{ SEBOOLID }}}). I don't know how to manage this part

It seems more tasks (if not all) could be inserted in a block with when: ansible_facts.selinux.status == 'enabled' . But this is not critical and is not the original intention of this PR. So, I would be fine assess and update this in another PR.

Thanks for the update. I have only some other comments about Style Guide in this Ansible playbook.

Hello @marcusburghardt
I have committed the proposed change
All the best
Rumen

Hello @marcusburghardt I have committed the proposed change All the best Rumen

Thanks @rumch-se, but you missed the other tasks in the Playbook. I proposed the all remaining changes to help you.
When updating Ansible Playbooks it is very appreciated to also review it entirely and make sure everything is aligned to the Style Guide.

Hello @marcusburghardt
I hope that I did all proposed changes.
Have a nice day
Rumen

Code Climate has analyzed commit 4cbbaae and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.5%.

View more on Code Climate.