fix bug in check for /boot

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2024-11-10 09:14:18 +00:00 · 2022-07-10 13:36:19 +02:00 · 2022-07-10 13:36:19 +02:00 · fa7f8597d9
commit fa7f8597d9
parent b6b2d45f09
2 changed files with 3 additions and 2 deletions
--- a/molecule/os_hardening_vm/converge.yml
+++ b/molecule/os_hardening_vm/converge.yml
@ -16,6 +16,7 @@
    os_auth_lockout_time: 15
    os_yum_repo_file_whitelist: ['foo.repo']
    os_mnt_boot_enabled: true
+    os_mnt_boot_src: "/dev/vda1"

 # - name: wrapper playbook for kitchen testing "ansible-os-hardening"
 #  hosts: all
--- a/roles/os_hardening/tasks/minimize_access.yml
+++ b/roles/os_hardening/tasks/minimize_access.yml
@ -96,7 +96,7 @@
  register: bootmount
  when:
    - os_mnt_boot_enabled | bool
-    - boot_exists | bool
+    - boot_exists.stat.exists | bool

 - name: Harden permissions for /boot directory
  file:
@ -104,7 +104,7 @@
    owner: 'root'
    group: 'root'
    mode: '{{ os_mnt_boot_dir_mode }}'
-  when:  boot_exists | bool
+  when:  boot_exists.stat.exists | bool

 - name: Mount /dev with hardened options
  mount: