Output local customizations as ansible

[marusak]

semanage export lists all local modifications that can be used in shell script.
It would be super useful to generate this as ansible task.

Something like semanage export --ansible and the output could look something like:

- name: Allow virt to sandbox use all caps
  seboolean:
    name: virt_sandbox_use_all_caps
    state: yes
    persistent: yes

- name: Allow virt to use nfs
  seboolean:
    name: virt_use_nfs
    state: yes
    persistent: yes

I would be interested in helping to implement this. Firstly asking if this is something that would get accepted.

[bachradsusi]

semanage export exports local configuration changes which can be later used by semanage import

# semanage export -f semanage.mods
# scp semanage.mod remotemachine:
# ssh remotemachine
# semanage import -f semanage.mods

I'm afraid that current Ansible modules don't cover complete functionality, the code which would generate a playbook would need to be in sync with different module implementations and so you'll have to use semanage command anyway.

[bachradsusi]

There's SELinux Ansible role https://github.com/linux-system-roles/selinux which I would consider to be a better place for this request.

[marusak]

... which can be later used by semanage import

Yes, fully aware of that. But it could be different command if you think it would cause confusion.

I'm afraid that current Ansible modules don't cover complete functionality

That is bummer. I believed there is full support from ansible. Then this, of course, is not yet doable.