From fcad8c23f56065df3f86624114c02a9a248ea910 Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Tue, 6 Mar 2018 13:17:43 -0600
Subject: [PATCH] Simplify SELinux check

The ansible_selinux variable is always populated with a 'status'
property, even if SELinux is not installed or configured. This
patch simplifies the check.

Change-Id: Ifddc385fc292ddb7d6c2758b199401c45de0f0f2
Signed-off-by: Major Hayden <major@mhtx.net>
---
 tasks/rhel7stig/lsm.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tasks/rhel7stig/lsm.yml b/tasks/rhel7stig/lsm.yml
index 6c51bad2..81f34cb4 100644
--- a/tasks/rhel7stig/lsm.yml
+++ b/tasks/rhel7stig/lsm.yml
@@ -111,8 +111,7 @@
   check_mode: no
   when:
     - ansible_os_family == 'RedHat'
-    - ansible_selinux.status is defined
-    - ansible_selinux.status != 'disabled'
+    - ansible_selinux.status == 'enabled'
   tags:
     - lsm
     - medium