ansible.posix.selinux – Change policy and state of SELinux

From Get docs
Ansible/docs/2.11/collections/ansible/posix/selinux module


ansible.posix.selinux – Change policy and state of SELinux

Note

This plugin is part of the ansible.posix collection (version 1.1.1).

To install it use: ansible-galaxy collection install ansible.posix.

To use it in a playbook, specify: ansible.posix.selinux.


New in version 1.0.0: of ansible.posix


Synopsis

  • Configures the SELinux mode and policy.
  • A reboot may be required after usage.
  • Ansible will not issue this reboot but will let you know when it is required.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python

Parameters

Parameter Choices/Defaults Comments

configfile

string

Default:

"/etc/selinux/config"

The path to the SELinux configuration file, if non-standard.


aliases: conf, file

policy

string

The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.

state

string / required

  • disabled
  • enforcing
  • permissive

The SELinux mode.



Examples

- name: Enable SELinux
  ansible.posix.selinux:
    policy: targeted
    state: enforcing

- name: Put SELinux in permissive mode, logging actions that would be blocked.
  ansible.posix.selinux:
    policy: targeted
    state: permissive

- name: Disable SELinux
  ansible.posix.selinux:
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

configfile

string

always

Path to SELinux configuration file.


Sample:

/etc/selinux/config

msg

string

always

Messages that describe changes that were made.


Sample:

Config SELinux state changed from 'disabled' to 'permissive'

policy

string

always

Name of the SELinux policy.


Sample:

targeted

reboot_required

boolean

always

Whether or not an reboot is required for the changes to take effect.


Sample:

True

state

string

always

SELinux mode.


Sample:

enforcing




Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/ansible/posix/selinux_module.html