community.general.selinux_permissive – Change permissive domain in SELinux policy
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.selinux_permissive
.
Synopsis
- Add and remove a domain from the list of permissive domains.
Requirements
The below requirements are needed on the host that executes this module.
- policycoreutils-python
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
domain string / required | Default: "" | The domain that will be added or removed from the list of permissive domains. aliases: name |
no_reload boolean |
| Disable reloading of the SELinux policy after making change to a domain's permissive setting. The default is no , which causes policy to be reloaded when a domain changes state.Reloading the policy does not work on older versions of the policycoreutils-python library, for example in EL 6." |
permissive boolean / required |
| Indicate if the domain should or should not be set as permissive. |
store string | Name of the SELinux policy store to use. |
Notes
Note
- Requires a recent version of SELinux and
policycoreutils-python
(EL 6 or newer).
Examples
- name: Change the httpd_t domain to permissive community.general.selinux_permissive: name: httpd_t permissive: true
Authors
- Michael Scherer (@mscherer) <misc@zarb.org>
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/selinux_permissive_module.html