selinux - Change policy and state of SELinux
Synopsis
- Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
Requirements
The below requirements are needed on the host that executes this module.
- libselinux-python
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| conf | Default: /etc/selinux/config | path to the SELinux configuration file, if non-standard aliases: configfile, file |
| policy | Default: None | name of the SELinux policy to use (example: targeted) will be required if state is not disabled
|
| state required |
None | The SELinux mode |
Notes
Note
- Not tested on any debian based system
Examples
# Enable SELinux
- selinux:
policy: targeted
state: enforcing
# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
policy: targeted
state: permissive
# Disable SELinux
- selinux:
state: disabled
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| configfile string | always | Path to SELinux configuration file Sample: /etc/selinux/config |
| msg string | always | Messages that describe changes that were made Sample: Config SELinux state changed from 'disabled' to 'permissive' |
| policy string | always | Name of the SELinux policy Sample: targeted |
| reboot_required bool | always | Whether or not an reboot is required for the changes to take effect Sample: True |
| state string | always | SELinux mode Sample: enforcing |
Status
This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.
Support
For more information about Red Hat’s support of this module, please refer to this Knowledge Base article
Author
- Derek Carter (@goozbach) <goozbach@friocorte.com>
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/selinux_module.html