From 45330fee236d18a5a51ce46e275b8cb43e7d471d Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Thu, 2 Jun 2016 15:30:16 -0500
Subject: [PATCH] Don't start LSM in check mode

This patch checks to see if the role is being run in check mode. If it
is in check mode, the AppArmor service will not be started and the
SELinux configuration will not be adjusted.

Change-Id: Iae976f283df77556a71833f857a906097e6f8aeb
---
 tasks/lsm.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tasks/lsm.yml b/tasks/lsm.yml
index 2ddd85a5..7c5b170e 100644
--- a/tasks/lsm.yml
+++ b/tasks/lsm.yml
@@ -36,6 +36,7 @@
   when:
     - ansible_os_family == "Debian"
     - security_enable_linux_security_module | bool
+    - not check_mode
   tags:
     - cat2
     - V-51337
@@ -64,6 +65,7 @@
   when:
     - ansible_os_family == "RedHat"
     - security_enable_linux_security_module | bool
+    - not check_mode
   tags:
     - cat2
     - V-51337