sefcontext - Manages SELinux file context mapping definitions

New in version 2.2.

Synopsis
- Requirements
Parameters
Notes
Examples
Status
Maintenance
- Author

Synopsis

Manages SELinux file context mapping definitions.
Similar to the semanage fcontext command.

Requirements

The below requirements are needed on the host that executes this module.

libselinux-python
policycoreutils-python

Parameters

Parameter	Choices/Defaults	Comments
ftype	Default: "a"	File type.
reload bool	Choices: no yes ←	Reload SELinux policy after commit.
selevel		SELinux range for the specified target. aliases: serange
setype required		SELinux type for the specified target.
seuser		SELinux user for the specified target.
state	Choices: absent present ←	Desired boolean value.
target required		Target path (expression). aliases: path

Notes

Note

The changes are persistent across reboots
The sefcontext module does not modify existing files to the new SELinux context(s), so it is advisable to first create the SELinux file contexts before creating files, or run restorecon manually for the existing files that require the new SELinux file contexts.

Examples

# Allow apache to modify files in /srv/git_repos
- sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_git_rw_content_t
    state: present

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

Dag Wieers (@dagwieers)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/sefcontext_module.html