selinux – Change policy and state of SELinux

From Get docs
Ansible/docs/2.8/modules/selinux module


selinux – Change policy and state of SELinux

Synopsis

  • Configures the SELinux mode and policy.
  • A reboot may be required after usage.
  • Ansible will not issue this reboot but will let you know when it is required.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python

Parameters

Parameter Choices/Defaults Comments

configfile

-

Default:

"/etc/selinux/config"

The path to the SELinux configuration file, if non-standard.


aliases: conf, file

policy

-

The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.

state

- / required

  • disabled
  • enforcing
  • permissive

The SELinux mode.



Examples

- name: Enable SELinux
  selinux:
    policy: targeted
    state: enforcing

- name: Put SELinux in permissive mode, logging actions that would be blocked.
  selinux:
    policy: targeted
    state: permissive

- name: Disable SELinux
  selinux:
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

configfile

string

always

Path to SELinux configuration file.


Sample:

/etc/selinux/config

msg

string

always

Messages that describe changes that were made.


Sample:

Config SELinux state changed from 'disabled' to 'permissive'

policy

string

always

Name of the SELinux policy.


Sample:

targeted

reboot_required

boolean

always

Whether or not an reboot is required for the changes to take effect.


Sample:

True

state

string

always

SELinux mode.


Sample:

enforcing




Status

Red Hat Support

More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.

Authors

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/selinux_module.html