selinux – Change policy and state of SELinux

Synopsis

  • Configures the SELinux mode and policy.
  • A reboot may be required after usage.
  • Ansible will not issue this reboot but will let you know when it is required.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python

Parameters

Parameter Choices/Defaults Comments
configfile
-
Default:
"/etc/selinux/config"
The path to the SELinux configuration file, if non-standard.

aliases: conf, file
policy
-
The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
state
- / required
    Choices:
  • disabled
  • enforcing
  • permissive
The SELinux mode.

Examples

- name: Enable SELinux
  selinux:
    policy: targeted
    state: enforcing

- name: Put SELinux in permissive mode, logging actions that would be blocked.
  selinux:
    policy: targeted
    state: permissive

- name: Disable SELinux
  selinux:
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
configfile
string
always
Path to SELinux configuration file.

Sample:
/etc/selinux/config
msg
string
always
Messages that describe changes that were made.

Sample:
Config SELinux state changed from 'disabled' to 'permissive'
policy
string
always
Name of the SELinux policy.

Sample:
targeted
reboot_required
boolean
always
Whether or not an reboot is required for the changes to take effect.

Sample:
True
state
string
always
SELinux mode.

Sample:
enforcing


Status

Red Hat Support

More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.

Authors

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/selinux_module.html