Merge "Exit with zero status when denials are not found in audit log"

2020-12-04 12:41:11 +00:00 · 2020-12-04 12:41:11 +00:00 · 1614ef0fb4
parent e943a4e420 95ca84c592
commit 1614ef0fb4
1 changed files with 2 additions and 2 deletions
--- a/validations_common/roles/validate_selinux/tasks/main.yml
+++ b/validations_common/roles/validate_selinux/tasks/main.yml
@ -53,11 +53,11 @@

 - name: Fetch denials from auditlog
  become: true
-  ignore_errors: true
+  failed_when: false
  changed_when: false
  shell: |
    set -o pipefail
-    grep denied {{ validate_selinux_audit_source }} > /tmp/denials.log
+    grep -i denied {{ validate_selinux_audit_source }} > /tmp/denials.log || (echo "No denials found in auditlog"; exit 0)

 - name: Get stat for denials.log
  stat: