CentOS 7 selinux dependencies

[romaincabassot]

Hello,
When running this role on a CentOS 7 I get the following errors:

TASK [dev-sec.ssh-hardening : check and compile policy] ************************
fatal: [192.168.77.10]: FAILED! => {"changed": true, "cmd": "checkmodule -M -m -o /etc/selinux/local-policies/ssh_password.mod /etc/selinux/local-policies/ssh_password", "delta": "0:00:00.002428", "end": "2016-10-10 11:48:41.962335", "failed": true, "rc": 127, "start": "2016-10-10 11:48:41.959907", "stderr": "/bin/sh: checkmodule: command not found", "stdout": "", "stdout_lines": [], "warnings": []}

Then I've installed the checkpolicy package and had this error:

TASK [dev-sec.ssh-hardening : create selinux policy module package] ************
fatal: [192.168.77.10]: FAILED! => {"changed": true, "cmd": "semodule_package -o /etc/selinux/local-policies/ssh_password.pp -m /etc/selinux/local-policies/ssh_password.mod", "delta": "0:00:00.002294", "end": "2016-10-10 11:50:04.572800", "failed": true, "rc": 127, "start": "2016-10-10 11:50:04.570506", "stderr": "/bin/sh: semodule_package: command not found", "stdout": "", "stdout_lines": [], "warnings": []}

Resolved by installing policycoreutils-python package.
Then the role applied correctly.

Should the ansible role manage its dependencies?
Romain

[rndmh3ro]

Hi Romain,

thanks for bringing this to our attention.
Yes, the role should handle its dependencies.
I'll update the role.