capabilities - Manage Linux capabilities
New in version 1.6.
Synopsis
- This module manipulates files privileges using the Linux capabilities(7) system.
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| capability | yes | Desired capability to set (with operator and flags, if state is present) or remove (if state is absent)aliases: cap | ||
| path | yes | Specifies the path to the file to be managed. | ||
| state | no | present |
| Whether the entry should be present or absent in the file's capabilities. |
Examples
# Set cap_sys_chroot+ep on /foo
- capabilities:
path: /foo
capability: cap_sys_chroot+ep
state: present
# Remove cap_net_bind_service from /bar
- capabilities:
path: /bar
capability: cap_net_bind_service
state: absent
Notes
Note
- The capabilities system will automatically transform operators and flags into the effective set, so (for example, cap_foo=ep will probably become cap_foo+ep). This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capabilities argument matches the final capabilities.
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/capabilities_module.html