selinux¶
Collection Note
This module is part of the ansible.posix collection. To install the collection, use:
Added in version1.0.0.
You need further requirements to be able to use this module, see the Requirements section for details.
Synopsis¶
- Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
Requirements¶
The following Python packages are needed on the host that executes this module:
Parameters¶
| Parameter | Defaults / Choices | Comments |
|---|---|---|
| configfile str |
Default: /etc/selinux/config |
The path to the SELinux configuration file, if non-standard. |
| policy str |
The name of the SELinux policy to use (e.g. C(targeted)) will be required unless O(state=disabled). | |
| state str required |
Choices: disabled, enforcing, permissive | The SELinux mode. |
| update_kernel_param bool |
If set to V(true), will update also the kernel boot parameters when disabling/enabling SELinux. The C(grubby) tool must be present on the target system for this to work. Version Added: 1.4.0 |
Examples¶
- name: Enable SELinux
ansible.posix.selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
ansible.posix.selinux:
policy: targeted
state: permissive
- name: Disable SELinux
ansible.posix.selinux:
state: disabled
Return Values¶
| Key | Data Type | Description | Returned |
|---|---|---|---|
| configfile | str | Path to SELinux configuration file. | always |
| msg | str | Messages that describe changes that were made. | always |
| policy | str | Name of the SELinux policy. | always |
| reboot_required | bool | Whether or not an reboot is required for the changes to take effect. | always |
| state | str | SELinux mode. | always |
Authors¶
- Derek Carter (@goozbach) Goozbach@friocorte.com