selinux – Change policy and state of SELinux¶
Synopsis¶
- Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
Requirements¶
The below requirements are needed on the host that executes this module.
- libselinux-python
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
configfile
-
|
Default: "/etc/selinux/config"
|
The path to the SELinux configuration file, if non-standard.
aliases: conf, file |
policy
-
|
The name of the SELinux policy to use (e.g.
targeted ) will be required if state is not disabled . |
|
state
-
/ required
|
|
The SELinux mode.
|
Examples¶
- name: Enable SELinux
selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
selinux:
policy: targeted
state: permissive
- name: Disable SELinux
selinux:
state: disabled
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
configfile
string
|
always |
Path to SELinux configuration file.
Sample:
/etc/selinux/config
|
msg
string
|
always |
Messages that describe changes that were made.
Sample:
Config SELinux state changed from 'disabled' to 'permissive'
|
policy
string
|
always |
Name of the SELinux policy.
Sample:
targeted
|
reboot_required
boolean
|
always |
Whether or not an reboot is required for the changes to take effect.
Sample:
True
|
state
string
|
always |
SELinux mode.
Sample:
enforcing
|
Status¶
- This module is guaranteed to have no backward incompatible interface changes going forward. [stableinterface]
- This module is maintained by the Ansible Core Team. [core]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors¶
- Derek Carter (@goozbach) <goozbach@friocorte.com>
Hint
If you notice any issues in this documentation you can edit this document to improve it.