From 4bab55cbffab23f8bcf28e0f52b56300f8f5bb48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=9Cmit=20Seren?=
Date: Mon, 25 Apr 2022 12:03:18 +0200
Subject: [PATCH] Bugfix: Add missing become: true to 2 tasks

/tmp/selinux.log is owned by root:root and can only be accessed by the root user. The tasks "Filter out denials" and "No skip_list" are missing those which casues a false positive of the validation

Closes-Bug: #1970193
Change-Id: I9fc8db25f8826f58de19c56d05050abcc4588dbb
---
 validations_common/roles/validate_selinux/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/validations_common/roles/validate_selinux/tasks/main.yml b/validations_common/roles/validate_selinux/tasks/main.yml
index 29fa290..28a3f12 100644
--- a/validations_common/roles/validate_selinux/tasks/main.yml
+++ b/validations_common/roles/validate_selinux/tasks/main.yml
@@ -81,6 +81,7 @@
 mode: 0600
 
 - name: Filter out denials
+ become: true
 when: validate_selinux_skip_list != {}
 ignore_errors: true
 changed_when: false
@@ -90,6 +91,7 @@
 chmod 0600 {{ validate_selinux_filtered_denials_dest }}
 
 - name: No skip_list
+ become: true
 when: validate_selinux_skip_list == {}
 copy:
 remote_src: true
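Review bot: `ignore_errors: true` stays on the "Filter out denials" task, and it appears to be what let the permission failure described in the commit message pass silently and surface as a false positive. With `become: true` the task can now read the log, but any other failure of the shell command would be swallowed the same way; consider registering the result and replacing that line with a narrow check such as `failed_when: filter_result.rc not in [0, 1]` (register name and exit codes are illustrative, since the command itself is outside the hunk). The command also now runs as root, so the unquoted template visible in the next hunk's context should go through the quote filter: `chmod 0600 {{ validate_selinux_filtered_denials_dest | quote }}`. The task body continues outside the hunk.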
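Review bot: Neither added `become: true` says why root is needed, so the same omission is easy to repeat in the next task that touches the log; a comment above each, e.g. `# /tmp/selinux.log is root:root and readable by root only`, or one `block:` with a single `become: true` around the tasks that handle the file, would make the requirement visible. Because this `copy` now runs as root, check that the part of the task below the hunk sets an explicit `mode: '0600'` on the destination, as the task above the first hunk does, so the denials are not left readable by other local users. The commit message places the log at /tmp/selinux.log; if the destination is also a fixed name under /tmp, a root-owned working directory (for example one created with the `tempfile` module) would avoid writing as root to a predictable path in a world-writable directory.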