From 063c2d0be125339ecd6fbad9870869735fe9c5c9 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia <alessfg@hotmail.com>
Date: Thu, 10 Dec 2020 12:46:29 +0100
Subject: [PATCH] SELinux state should now be correctly set back to `enforcing`
 (#351)

---
 CHANGELOG.md                          | 4 ++++
 tasks/prerequisites/setup-selinux.yml | 7 +------
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c83d271..94abe05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,10 @@ ENHANCEMENTS:
 
 Switch NGINX keysites and OSS default repository data from a dictionary to individual variables to prevent potential issues arisen from Jinja2 dictionary run-time evaluations.
 
+BUG FIXES:
+
+Fix issue whereas SELinux state would not be correctly set back to `enforcing` when `nginx_selinux: true`.
+
 ## 0.18.0 (November 13, 2020)
 
 BREAKING CHANGES:
diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml
index d02df3a..72aa8f5 100644
--- a/tasks/prerequisites/setup-selinux.yml
+++ b/tasks/prerequisites/setup-selinux.yml
@@ -21,8 +21,6 @@
   selinux:
     state: permissive
     policy: targeted
-  changed_when: false
-  when: ansible_facts['selinux']['mode'] == "enforcing"
 
 - name: Allow SELinux HTTP network connections
   seboolean:
@@ -96,7 +94,4 @@
   selinux:
     state: enforcing
     policy: targeted
-  changed_when: false
-  when:
-    - nginx_selinux_enforcing | bool
-    - ansible_facts['selinux']['mode'] == "permissive"
+  when: nginx_selinux_enforcing | bool