ansible.posix.selinux – Change policy and state of SELinux
ansible.posix.selinux – Change policy and state of SELinux
Note
This plugin is part of the ansible.posix collection (version 1.1.1).
To install it use: ansible-galaxy collection install ansible.posix
.
To use it in a playbook, specify: ansible.posix.selinux
.
New in version 1.0.0: of ansible.posix
Synopsis
- Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
Requirements
The below requirements are needed on the host that executes this module.
- libselinux-python
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
configfile string |
Default: "/etc/selinux/config" |
The path to the SELinux configuration file, if non-standard.
|
policy string |
The name of the SELinux policy to use (e.g. | |
state string / required |
|
The SELinux mode. |
Examples
- name: Enable SELinux
ansible.posix.selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
ansible.posix.selinux:
policy: targeted
state: permissive
- name: Disable SELinux
ansible.posix.selinux:
state: disabled
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
configfile string |
always |
Path to SELinux configuration file.
Sample: /etc/selinux/config |
msg string |
always |
Messages that describe changes that were made.
Sample: Config SELinux state changed from 'disabled' to 'permissive' |
policy string |
always |
Name of the SELinux policy.
Sample: targeted |
reboot_required boolean |
always |
Whether or not an reboot is required for the changes to take effect.
Sample: True |
state string |
always |
SELinux mode.
Sample: enforcing |
Authors
- Derek Carter (@goozbach) <[email protected]>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ansible/posix/selinux_module.html