refactor(cis): move OS-specific binary resolution to vars/main.yml

2026-02-20 21:16:48 +01:00
parent 72a9576abe
commit 3db18858c3
2 changed files with 33 additions and 20 deletions
--- a/roles/cis/vars/main.yml
+++ b/roles/cis/vars/main.yml
@@ -0,0 +1,21 @@
+---
+# OS-specific binary names for CIS permission targets.
+# fusermount3 is the modern name; older distros still use fusermount.
+cis_fusermount_binary: >-
+  {{
+    'fusermount3'
+    if (
+      os in ['archlinux', 'fedora', 'rocky', 'rhel']
+      or (os == 'debian' and (os_version | string) not in ['10', '11'])
+      or (os == 'almalinux')
+    )
+    else 'fusermount'
+  }}
+
+# write.ul is the Debian 11 name; all others use write.
+cis_write_binary: >-
+  {{
+    'write.ul'
+    if (os == 'debian' and (os_version | string) == '11')
+    else 'write'
+  }}