42 lines
997 B
YAML
42 lines
997 B
YAML
|
---
|
||
|
|
- name: Sanity checks
|
||
|
|
ansible.builtin.assert:
|
||
|
|
that:
|
||
|
|
- ansible_os_family|default("N/A") in ["Debian"]
|
||
|
|
|
||
|
|
|
||
|
|
- name: Get distribution variables
|
||
|
|
ansible.builtin.include_vars:
|
||
|
|
file: "os_{{ ansible_os_family|lower }}.yml"
|
||
|
|
|
||
|
|
|
||
|
|
- name: Remove packages
|
||
|
|
ansible.builtin.package:
|
||
|
|
name: "{{ deapparmor_packages }}"
|
||
|
|
state: absent
|
||
|
|
notify: "Reboot machine for DeAppArmor"
|
||
|
|
|
||
|
|
|
||
|
|
- name: "[GRUB] Look for disabled AppArmor"
|
||
|
|
ansible.builtin.shell:
|
||
|
|
cmd: 'grep "^GRUB_CMDLINE_LINUX=.*apparmor=0" /etc/default/grub || true'
|
||
|
|
changed_when: False
|
||
|
|
register: deapparmor_grub_comdline
|
||
|
|
|
||
|
|
|
||
|
|
- name: "[GRUB] Add apparmor=0"
|
||
|
|
ansible.builtin.lineinfile:
|
||
|
|
path: /etc/default/grub
|
||
|
|
line: 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} apparmor=0"'
|
||
|
|
insertafter: '^GRUB_CMDLINE_LINUX='
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
mode: 0644
|
||
|
|
backup: yes
|
||
|
|
when: deapparmor_grub_comdline.stdout_lines|length == 0
|
||
|
|
notify:
|
||
|
|
- "update-grub for DeAppArmor"
|
||
|
|
- "Reboot machine for DeAppArmor"
|
||
|
|
|
||
|
|
|