---
# Copyright 2018, SUSE LINUX GmbH.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Check for apparmor profile
  stat:
    path: "/etc/apparmor.d/usr.sbin.dnsmasq"
  register: sbin_dnsmasq

- name: Relax dnsmasq apparmor profile
  file:
    src: "/etc/apparmor.d/usr.sbin.dnsmasq"
    dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
    state: link
  when:
    - sbin_dnsmasq.stat.exists | bool
  notify:
    - Start apparmor
    - Reload apparmor
  tags:
    - lxc-files
    - lxc-apparmor
    - lxc_hosts-config

- name: Check for apparmor profile
  stat:
    path: "/etc/apparmor.d/bin.ping"
  register: bin_ping

- name: Relax ping apparmor profile
  file:
    src: "/etc/apparmor.d/bin.ping"
    dest: "/etc/apparmor.d/disable/bin.ping"
    state: link
  when:
    - bin_ping.stat.exists | bool
  notify:
    - Start apparmor
    - Reload apparmor
  tags:
    - lxc-files
    - lxc-apparmor
    - lxc_hosts-config

# NOTE(hwoarang) Revert this (or fix the actual profile)
# once upstream bug https://bugzilla.opensuse.org/show_bug.cgi?id=1099239
# is analysed.
- name: Disable lxc-start apparmor profile on openSUSE
  block:
  - name: Check for apparmor profile
    stat:
      path: "/etc/apparmor.d/usr.bin.lxc-start"
    register: usr_bin_lxc_start

  - name: Relax lxc-start apparmor profile
    file:
      src: "/etc/apparmor.d/usr.bin.lxc-start"
      dest: "/etc/apparmor.d/disable/usr.bin.lxc-start"
      state: link
    when:
      - usr_bin_lxc_start.stat.exists | bool
    notify:
      - Start apparmor
      - Reload apparmor
  tags:
    - lxc-files
    - lxc-apparmor
    - lxc_hosts-config
  when: ansible_pkg_mgr == 'zypper'

- name: Drop lxc-openstack apparmor profile
  template:
    src: "lxc-openstack.apparmor.j2"
    dest: "/etc/apparmor.d/lxc/lxc-openstack"
    owner: "root"
    group: "root"
    mode: "0644"
  notify:
    - Start apparmor
    - Reload apparmor
  tags:
    - lxc-files
    - lxc-apparmor
    - lxc_hosts-config