Merge pull request #14366 from teacup-on-rockingchair/sle16_dconf_gnome_patch

Sle16 dconf gnome patch

Author: Mab879

linux_os/guide/system/software/gnome/enable_dconf_user_profile/ansible/shared.yml

@@ -4,9 +4,4 @@
 # complexity = low
 # disruption = medium
 
-- name: "Configure GNOME3 DConf User Profile"
-  ansible.builtin.lineinfile:
-    dest: "/etc/dconf/profile/gdm"
-    line: "user-db:user\nsystem-db:gdm"
-    create: yes
-    state: present
+{{{ ansible_enable_dconf_user_profile(profile="gdm", database="gdm") }}}

linux_os/guide/system/software/gnome/enable_dconf_user_profile/bash/shared.sh

@@ -1,3 +1,3 @@
 # platform = multi_platform_sle
 
-echo -e 'user-db:user\nsystem-db:gdm' > /etc/dconf/profile/gdm
+{{{ bash_enable_dconf_user_profile(profile="gdm", database="gdm") }}}

linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml

@@ -21,6 +21,10 @@
     create: yes
   register: result_lineinfile
 
+{{% if product in ['sle15', 'sle16'] %}}
+{{{ ansible_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
+{{% endif %}}
+
 - name: Dconf Update
   ansible.builtin.command: dconf update
   when: result_ini is changed or result_lineinfile is changed

linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/bash/shared.sh

@@ -5,5 +5,9 @@
 {{{ bash_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
 {{% endif %}}
 
+{{% if product in ['sle15', 'sle16'] %}}
+{{{ bash_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
+{{% endif %}}
+
 {{{ bash_dconf_settings("org/gnome/login-screen", "disable-user-list", "true", dconf_gdm_dir, "00-security-settings", rule_id=rule_id) }}}
 {{{ bash_dconf_lock("org/gnome/login-screen", "disable-user-list", dconf_gdm_dir, "00-security-settings-lock") }}}

linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/policy/stig/shared.yml

@@ -19,14 +19,13 @@ fixtext: |-
     Configure {{{ full_name }}} to disable the user list at logon for graphical user interfaces.
 
     Create a database to contain the systemwide screensaver settings (if it does not already exist) with the following command:
-    Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
+    Note: The example below is using the database "{{{ dconf_gdm_dir }}}" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
 
-    $ sudo touch /etc/dconf/db/local.d/02-login-screen
+    $ sudo touch /etc/dconf/db/{{{ dconf_gdm_dir }}}/02-login-screen
 
     [org/gnome/login-screen]
     disable-user-list=true
 
     Update the system databases:
 
     $ sudo dconf update
-

linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/bash/shared.sh

@@ -1,11 +1,9 @@
 # platform = multi_platform_sle,multi_platform_slmicro
 
-if ! (sed -n '/^DISPLAYMANAGER_AUTOLOGIN=\"\"/p' /etc/sysconfig/displaymanager)
-then
+if ! grep -q '^DISPLAYMANAGER_AUTOLOGIN=""' /etc/sysconfig/displaymanager; then
   sed -i "s/^DISPLAYMANAGER_AUTOLOGIN=.*/DISPLAYMANAGER_AUTOLOGIN=\"\"/g" /etc/sysconfig/displaymanager
 fi
 
-if ! (sed -n '/^DISPLAYMANAGER_PASSWORD_LESS_LOGIN=\"no\"/p' /etc/sysconfig/displaymanager)
-then
+if ! grep -q '^DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"' /etc/sysconfig/displaymanager; then
   sed -i "s/^DISPLAYMANAGER_PASSWORD_LESS_LOGIN=.*/DISPLAYMANAGER_PASSWORD_LESS_LOGIN=\"no\"/g" /etc/sysconfig/displaymanager
 fi

linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml

@@ -5,7 +5,11 @@
 # disruption = medium
 - name: "Disable GNOME3 Automounting - automount"
   community.general.ini_file:
+{{% if product in ['sle15', 'sle16'] %}}
+    dest: /etc/dconf/db/{{{ dconf_gdm_dir }}}/00-security-settings
+{{% else %}}
     dest: /etc/dconf/db/local.d/00-security-settings
+{{% endif %}}
     section: org/gnome/desktop/media-handling
     option: automount
     value: "false"
@@ -15,20 +19,18 @@
 
 - name: "Prevent user modification of GNOME3 Automounting - automount"
   ansible.builtin.lineinfile:
+{{% if product in ['sle15', 'sle16'] %}}
+    path: /etc/dconf/db/{{{ dconf_gdm_dir }}}/locks/00-security-settings-lock
+{{% else %}}
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
+{{% endif %}}
     regexp: '^/org/gnome/desktop/media-handling/automount$'
     line: '/org/gnome/desktop/media-handling/automount'
     create: yes
   register: result_lineinfile
 
-# apply fix for enable_dconf_user_profile, OVAL checks it
 {{% if product in ['sle15', 'sle16'] %}}
-- name: "Configure GNOME3 DConf User Profile"
-  ansible.builtin.lineinfile:
-    dest: "/etc/dconf/profile/gdm"
-    line: "user-db:user\nsystem-db:gdm"
-    create: yes
-    state: present
+{{{ ansible_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
 {{% endif %}}
 
 - name: Dconf Update

linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh

@@ -8,7 +8,9 @@
 # apply fix for enable_dconf_user_profile, OVAL checks it
 {{% if product in ['sle15', 'sle16'] %}}
 {{{ bash_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
-{{% endif %}}
-
+{{{ bash_dconf_settings("org/gnome/desktop/media-handling", "automount", "false", dconf_gdm_dir, "00-security-settings", rule_id=rule_id) }}}
+{{{ bash_dconf_lock("org/gnome/desktop/media-handling", "automount", dconf_gdm_dir, "00-security-settings-lock") }}}
+{{% else %}}
 {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "automount", "false", "local.d", "00-security-settings", rule_id=rule_id) }}}
 {{{ bash_dconf_lock("org/gnome/desktop/media-handling", "automount", "local.d", "00-security-settings-lock") }}}
+{{% endif %}}

linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/oval/shared.xml

@@ -20,7 +20,11 @@
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="obj_dconf_gnome_disable_automount"
   version="1">
+{{% if product in ['sle15', 'sle16'] %}}
+    <ind:path>/etc/dconf/db/{{{ dconf_gdm_dir }}}/</ind:path>
+{{% else %}}
     <ind:path>/etc/dconf/db/local.d/</ind:path>
+{{% endif %}}
     <ind:filename operation="pattern match">^.*$</ind:filename>
     <ind:pattern operation="pattern match">^\[org/gnome/desktop/media-handling\]([^\n]*\n+)+?automount=false$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
@@ -33,7 +37,11 @@
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="obj_prevent_user_gnome_automount"
   version="1">
+{{% if product in ['sle15', 'sle16'] %}}
+    <ind:path>/etc/dconf/db/{{{ dconf_gdm_dir }}}/locks/</ind:path>
+{{% else %}}
     <ind:path>/etc/dconf/db/local.d/locks/</ind:path>
+{{% endif %}}
     <ind:filename operation="pattern match">^.*$</ind:filename>
     <ind:pattern operation="pattern match">^/org/gnome/desktop/media-handling/automount$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>

linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml

@@ -7,12 +7,12 @@ description: |-
     The system's default desktop environment, GNOME3, will mount
     devices and removable media (such as DVDs, CDs and USB flash drives) whenever
     they are inserted into the system. To disable automount within GNOME3, add or set
-    <tt>automount</tt> to <tt>false</tt> in <tt>/etc/dconf/db/local.d/00-security-settings</tt>.
+    <tt>automount</tt> to <tt>false</tt> in <tt>/etc/dconf/db/{{{ dconf_gdm_dir }}}/00-security-settings</tt>.
     For example:
     <pre>[org/gnome/desktop/media-handling]
     automount=false</pre>
     Once the settings have been added, add a lock to
-    <tt>/etc/dconf/db/local.d/locks/00-security-settings-lock</tt> to prevent user modification.
+    <tt>/etc/dconf/db/{{{ dconf_gdm_dir }}}/locks/00-security-settings-lock</tt> to prevent user modification.
     For example:
     <pre>/org/gnome/desktop/media-handling/automount</pre>
     After the settings have been set, run <tt>dconf update</tt>.
@@ -51,6 +51,5 @@ ocil: |-
     <pre>$ gsettings get org.gnome.desktop.media-handling automount</pre>
     If properly configured, the output for <tt>automount</tt> should be <tt>false</tt>.
     To ensure that users cannot enable automount in GNOME3, run the following:
-    <pre>$ grep 'automount' /etc/dconf/db/local.d/locks/*</pre>
+    <pre>$ grep 'automount' /etc/dconf/db/{{{ dconf_gdm_dir }}}/locks/*</pre>
     If properly configured, the output for <tt>automount</tt> should be <tt>/org/gnome/desktop/media-handling/automount</tt>
-