community.general.capabilities – Manage Linux capabilities
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.capabilities
.
Synopsis
- This module manipulates files privileges using the Linux capabilities(7) system.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
capability string / required | Desired capability to set (with operator and flags, if state is present ) or remove (if state is absent )aliases: cap | |
path string / required | Specifies the path to the file to be managed. aliases: key | |
state string |
| Whether the entry should be present or absent in the file's capabilities. |
Notes
Note
- The capabilities system will automatically transform operators and flags into the effective set, so for example,
cap_foo=ep
will probably becomecap_foo+ep
. - This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capabilities argument matches the final capabilities.
Examples
- name: Set cap_sys_chroot+ep on /foo community.general.capabilities: path: /foo capability: cap_sys_chroot+ep state: present - name: Remove cap_net_bind_service from /bar community.general.capabilities: path: /bar capability: cap_net_bind_service state: absent
Authors
- Nate Coraor (@natefoo)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/capabilities_module.html