selogin – Manages linux user to SELinux user mapping

New in version 2.8.

Synopsis
Requirements
Parameters
Notes
Examples
Status

Synopsis

Manages linux user to SELinux user mapping

Requirements

The below requirements are needed on the host that executes this module.

libselinux
policycoreutils

Parameters

Parameter	Choices/Defaults	Comments
ignore_selinux_state boolean	Choices: no ← yes	Run independent of selinux runtime state
login - / required		a Linux user
reload -	Default: "yes"	Reload SELinux policy after commit.
selevel -	Default: "s0"	MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. aliases: serange
seuser - / required		SELinux user name
state - / required	Choices: present ← absent	Desired mapping value.

Notes

Note

The changes are persistent across reboots
Not tested on any debian based system

Examples

# Modify the default user on the system to the guest_u user
- selogin:
    login: __default__
    seuser: guest_u
    state: present

# Assign gijoe user on an MLS machine a range and to the staff_u user
- selogin:
    login: gijoe
    seuser: staff_u
    serange: SystemLow-Secret
    state: present

# Assign all users in the engineering group to the staff_u user
- selogin:
    login: '%engineering'
    seuser: staff_u
    state: present

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Dan Keder (@dankeder)
Petr Lautrbach (@bachradsusi)
James Cassell (@jamescassell)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/selogin_module.html