ansible.posix.selinux – Change policy and state of SELinux

Note

This plugin is part of the ansible.posix collection (version 1.1.1).

To install it use: ansible-galaxy collection install ansible.posix.

To use it in a playbook, specify: ansible.posix.selinux.

New in version 1.0.0: of ansible.posix

Synopsis

  • Configures the SELinux mode and policy.
  • A reboot may be required after usage.
  • Ansible will not issue this reboot but will let you know when it is required.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python

Parameters

Parameter Choices/Defaults Comments
configfile
string
Default:
"/etc/selinux/config"
The path to the SELinux configuration file, if non-standard.

aliases: conf, file
policy
string
The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
state
string / required
    Choices:
  • disabled
  • enforcing
  • permissive
The SELinux mode.

Examples

- name: Enable SELinux
  ansible.posix.selinux:
    policy: targeted
    state: enforcing

- name: Put SELinux in permissive mode, logging actions that would be blocked.
  ansible.posix.selinux:
    policy: targeted
    state: permissive

- name: Disable SELinux
  ansible.posix.selinux:
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
configfile
string
always
Path to SELinux configuration file.

Sample:
/etc/selinux/config
msg
string
always
Messages that describe changes that were made.

Sample:
Config SELinux state changed from 'disabled' to 'permissive'
policy
string
always
Name of the SELinux policy.

Sample:
targeted
reboot_required
boolean
always
Whether or not an reboot is required for the changes to take effect.

Sample:
True
state
string
always
SELinux mode.

Sample:
enforcing


Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/ansible/posix/selinux_module.html