lxc: Fail if /var is nosuid
parent
799466788f
commit
e79141d2d2
|
@ -21,6 +21,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||||
|
* lxc: Fail if /var is nosuid
|
||||||
* openvpn: make it compatible with OpenBSD and add some improvements
|
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -43,8 +43,8 @@
|
||||||
- lxc_unprivilegied_containers | bool
|
- lxc_unprivilegied_containers | bool
|
||||||
- root_subuids.rc != 0
|
- root_subuids.rc != 0
|
||||||
|
|
||||||
- name: Check if /var has not mount options nodev or noexec
|
- name: Check if /var has not mount options or nosuid or nodev or noexec
|
||||||
shell: findmnt | grep -E "/var[^/]" | grep -e nodev -e noexec
|
shell: findmnt | grep -E "/var[^/]" | grep -e nodev -e noexec -e nosuid
|
||||||
register: check_var
|
register: check_var
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: "check_var.rc == 0"
|
failed_when: "check_var.rc == 0"
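Review bot: The new `shell:` line only inspects findmnt rows that contain `/var` followed by a non-slash character, so the check passes silently when /var is not its own mount point and inherits nosuid, nodev or noexec from the filesystem above it. It can also fail on an unrelated mount whose target merely ends in `/var` or starts with `/var` plus more letters. Asking findmnt for the filesystem that actually holds the path is tighter: `shell: findmnt --noheadings --output OPTIONS --target /var | grep -E -w 'nosuid|nodev|noexec'`. The task name picked up a stray "or"; `name: Check that /var is not mounted with nosuid, nodev or noexec` reads cleanly, and a one-line comment above it saying why the role refuses these options would help operators whose hardening baseline sets them on /var. The two `- ...` condition lines at the top of the hunk belong to a task that starts outside it.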
|
||||||
|
|