selogin – Manages linux user to SELinux user mapping

From Get docs
Ansible/docs/2.8/modules/selogin module


selogin – Manages linux user to SELinux user mapping

New in version 2.8.


Synopsis

  • Manages linux user to SELinux user mapping

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux
  • policycoreutils

Parameters

Parameter Choices/Defaults Comments

ignore_selinux_state

boolean

  • no

  • yes

Run independent of selinux runtime state

login

- / required

a Linux user

reload

-

Default:

"yes"

Reload SELinux policy after commit.

selevel

-

Default:

"s0"

MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.


aliases: serange

seuser

- / required

SELinux user name

state

- / required

  • present

  • absent

Desired mapping value.



Notes

Note

  • The changes are persistent across reboots
  • Not tested on any debian based system


Examples

# Modify the default user on the system to the guest_u user
- selogin:
    login: __default__
    seuser: guest_u
    state: present

# Assign gijoe user on an MLS machine a range and to the staff_u user
- selogin:
    login: gijoe
    seuser: staff_u
    serange: SystemLow-Secret
    state: present

# Assign all users in the engineering group to the staff_u user
- selogin:
    login: '%engineering'
    seuser: staff_u
    state: present

Status

Authors

  • Dan Keder (@dankeder)
  • Petr Lautrbach (@bachradsusi)
  • James Cassell (@jamescassell)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/selogin_module.html