Recollect facts in mount_option_nodev_nonroot_local_partitions

This patch changes the Ansible code for rule mount_option_nodev_nonroot_local_partitions so that Ansible id forced to refresh facts about mount points right before running the Ansible Task for this rule. The data in facts that were collected at the beginning of the play can be outdated at point when this Ansible Task is executed if there is some other Ansible Task that changes mount points, for example if the Ansible Tasks for rule mount_option_boot_nosuid is before the Ansible Task for rule mount_option_nodev_nonroot_local_partitions. Fixes: ComplianceAsCode#11933
jan-cerny · May 3, 2024 · c5235f4 · c5235f4
1 parent bd9ef20
commit c5235f4
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/...tem/permissions/partitions/mount_option_nodev_nonroot_local_partitions/ansible/shared.yml b/...tem/permissions/partitions/mount_option_nodev_nonroot_local_partitions/ansible/shared.yml
@@ -4,6 +4,10 @@
 # complexity = low
 # disruption = high
 
+- name: "{{{ rule_title }}}: Refresh facts"
+ setup:
+ gather_subset: mounts
+
 - name: Ensure non-root local partitions are mounted with nodev option
  mount:
  path: "{{ item.mount }}"