| |
@@ -0,0 +1,42 @@
|
| |
+ ---
|
| |
+ - hosts: localhost
|
| |
+ vars:
|
| |
+ - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
|
| |
+ tags:
|
| |
+ - classic
|
| |
+ tasks:
|
| |
+ - name: reboot
|
| |
+ block:
|
| |
+ - name: restart host
|
| |
+ shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
| |
+ async: 1
|
| |
+ poll: 0
|
| |
+ ignore_errors: true
|
| |
+
|
| |
+ - name: wait for host to come back
|
| |
+ wait_for_connection:
|
| |
+ delay: 10
|
| |
+ timeout: 300
|
| |
+
|
| |
+ - name: Re-create /tmp/artifacts
|
| |
+ command: mkdir /tmp/artifacts
|
| |
+
|
| |
+ - name: Generate fake SELinux denial
|
| |
+ shell: runcon -u system_u -r system_r -t init_t -- /bin/cat /etc/shadow || true
|
| |
+
|
| |
+ - name: Gather SELinux denials since boot
|
| |
+ shell: |
|
| |
+ ausearch -m avc -m selinux_err -m user_avc -ts boot > /tmp/avc.log 2> /tmp/avc.err.log
|
| |
+ grep -q '<no matches>' /tmp/avc.err.log && result=pass || result=fail
|
| |
+ echo -e "results:\n- {result: $result, test: reboot}" > /tmp/results.yml
|
| |
+
|
| |
+ always:
|
| |
+ - name: Pull out the artifacts
|
| |
+ fetch:
|
| |
+ dest: "{{ artifacts }}/"
|
| |
+ src: "{{ item }}"
|
| |
+ flat: yes
|
| |
+ with_items:
|
| |
+ - /tmp/avc.log
|
| |
+ - /tmp/avc.err.log
|
| |
+ - /tmp/results.yml
|
| |
plautrba
commented 3 years ago
DO NOT MERGE