From f1b7149fcf1f29a7a9c167b62697a8aace8c475d Mon Sep 17 00:00:00 2001
From: Stephen Fromm
Date: Wed, 2 May 2012 11:38:44 -0700
Subject: [PATCH] Update how to set default selinux context for file
This removes the 'context' option and replaces it with checks for '_default' value for seuser, serole, setype, or (maybe) selevel. If '_default' is provided *and* there is a default context for the given file, this will set the file context to the available default.
---
 library/file | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/library/file b/library/file
index 245ee9f2f9..3931f1ec3b 100755
--- a/library/file
+++ b/library/file
@@ -170,17 +170,14 @@ seuser = params.get('seuser', None)
 serole = params.get('serole', None)
 setype = params.get('setype', None)
 selevel = params.get('serange', 's0')
-context = params.get('context', None)
 secontext = [seuser, serole, setype]
 if selinux_mls_enabled():
 secontext.append(selevel)
-if context is not None:
- if context != 'default':
- fail_json(msg='invalid context: %s' % context)
- if seuser is not None or serole is not None or setype is not None:
- fail_json(msg='cannot define context=default and seuser, serole or setype')
- secontext = selinux_default_context(path)
+default_secontext = selinux_default_context(path)
+for i in range(len(default_secontext)):
+ if i is not None and secontext[i] == '_default':
+ secontext[i] = default_secontext[i]
 if state not in [ 'file', 'directory', 'link', 'absent']:
 fail_json(msg='invalid state: %s' % state)
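Review bot: The guard `i is not None` in the added loop is always true, because `i` is an integer produced by `range()`, so it never tests whether a default exists for that field; going by the commit message, the intended check is on the default value, e.g. `if secontext[i] == '_default' and default_secontext[i] is not None:`. The loop also indexes `secontext` using the length of `default_secontext`; if the helper returns a level field while `selinux_mls_enabled()` is false, `secontext[i]` would raise IndexError, so `range(min(len(secontext), len(default_secontext)))` is the safer bound. When no default is available the literal string '_default' stays in `secontext` and presumably reaches the code that applies the label, so that case should end in an explicit `fail_json` rather than an attempt to set an invalid SELinux context. `selinux_default_context` and the code that consumes `secontext` lie outside this hunk, so the helper's return shape is inferred here and should be confirmed.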