community.general.capabilities – Manage Linux capabilities

Note

This plugin is part of the community.general collection (version 2.0.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.capabilities.

Synopsis
Parameters
Notes
Examples

Synopsis

This module manipulates files privileges using the Linux capabilities(7) system.

Parameters

Parameter	Choices/Defaults	Comments
capability string / required		Desired capability to set (with operator and flags, if state is `present`) or remove (if state is `absent`) aliases: cap
path string / required		Specifies the path to the file to be managed. aliases: key
state string	Choices: absent present ←	Whether the entry should be present or absent in the file's capabilities.

Notes

Note

The capabilities system will automatically transform operators and flags into the effective set, so for example, cap_foo=ep will probably become cap_foo+ep.
This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capabilities argument matches the final capabilities.

Examples

- name: Set cap_sys_chroot+ep on /foo
  community.general.capabilities:
    path: /foo
    capability: cap_sys_chroot+ep
    state: present

- name: Remove cap_net_bind_service from /bar
  community.general.capabilities:
    path: /bar
    capability: cap_net_bind_service
    state: absent

Authors

Nate Coraor (@natefoo)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/capabilities_module.html