openstack/validations-common
Code Issues Proposed changes

Exit with zero status when denials are not found in audit log

Browse Source 
When no denials are found in the audit log file, grep will exit with 1
and this ansible task will be caught by the callback as a failed task.

Change-Id: I95f782c02bdf3446f6b6e461973e8226a8d2a699
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
This commit is contained in:
Gael Chamoulaud (Strider) 2020-12-02 16:27:25 +01:00
parent d3c563e3ba
commit 95ca84c592
No known key found for this signature in database
GPG Key ID: 4119D0305C651D66
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
validations_common/roles/validate_selinux/tasks/main.yml
View File

@ -53,11 +53,11 @@
- name: Fetch denials from auditlog
become: true
ignore_errors: true
failed_when: false
changed_when: false
shell: |
set -o pipefail
grep denied {{ validate_selinux_audit_source }} > /tmp/denials.log
grep -i denied {{ validate_selinux_audit_source }} > /tmp/denials.log || (echo "No denials found in auditlog"; exit 0)
- name: Get stat for denials.log
stat: