From b7963f7c11ede7e6d83157aace3ec4a7df9f4f66 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Mon, 4 Nov 2024 17:11:38 +0000
Subject: [PATCH] updated idempotency thanks to feedback from @Thulium-Drake

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_1/cis_1.1.2.3.x.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tasks/section_1/cis_1.1.2.3.x.yml b/tasks/section_1/cis_1.1.2.3.x.yml
index 728b3c9..c7920cd 100644
--- a/tasks/section_1/cis_1.1.2.3.x.yml
+++ b/tasks/section_1/cis_1.1.2.3.x.yml
@@ -24,8 +24,8 @@
         file: warning_facts.yml
 
 - name: |
-    "1.1.2.3.2 | PATCH | Ensure nodev option set on /home partition
-     1.1.2.3.3 | PATCH | Ensure nosuid option set on /home partition"
+     "1.1.2.3.2 | PATCH | Ensure nodev option set on /home partition
+      1.1.2.3.3 | PATCH | Ensure nosuid option set on /home partition"
   when:
     - item.mount == "/home"
     - rhel9cis_rule_1_1_2_3_2 or
@@ -45,7 +45,7 @@
     src: "{{ item.device }}"
     fstype: "{{ item.fstype }}"
     state: present
-    opts: defaults,{% if rhel9cis_rule_1_1_2_3_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_2_3_3 %}nosuid{% endif %}
+    opts: "{{ item.options }}{% if ('nodev' not in item.options and rhel9cis_rule_1_1_2_3_2) %},nodev{% endif %}{% if ('nosuid' not in item.options and rhel9cis_rule_1_1_2_3_3) %},nosuid{% endif %}"
   loop: "{{ ansible_facts.mounts }}"
   loop_control:
     label: "{{ item.device }}"