forked from evolix/ansible-roles
lxc: Fail if /var is nosuid
This commit is contained in:
parent
799466788f
commit
e79141d2d2
|
@ -21,6 +21,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
### Changed
|
||||
|
||||
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||
* lxc: Fail if /var is nosuid
|
||||
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||
|
||||
### Fixed
|
||||
|
|
|
@ -43,8 +43,8 @@
|
|||
- lxc_unprivilegied_containers | bool
|
||||
- root_subuids.rc != 0
|
||||
|
||||
- name: Check if /var has not mount options nodev or noexec
|
||||
shell: findmnt | grep -E "/var[^/]" | grep -e nodev -e noexec
|
||||
- name: Check if /var has not mount options or nosuid or nodev or noexec
|
||||
shell: findmnt | grep -E "/var[^/]" | grep -e nodev -e noexec -e nosuid
|
||||
register: check_var
|
||||
changed_when: false
|
||||
failed_when: "check_var.rc == 0"
|
||||
|
|
Loading…
Reference in a new issue