Documentation

selinux - Change policy and state of SELinux

Synopsis

  • Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.

Options

parameter required default choices comments
conf
no /etc/selinux/config
path to the SELinux configuration file, if non-standard
policy
no
name of the SELinux policy to use (example: targeted) will be required if state is not disabled
state
yes
  • enforcing
  • permissive
  • disabled
The SELinux mode

Examples

# Enable SELinux
- selinux:
    policy: targeted
    state: enforcing

# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
    policy: targeted
    state: permissive

# Disable SELinux
- selinux:
    state: disabled

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
msg
Messages that describe changes that were made
always string Config SELinux state changed from 'disabled' to 'permissive'
policy
Name of the SELinux policy
always string targeted
configfile
Path to SELinux configuration file
always string /etc/selinux/config
state
SELinux mode
always string enforcing
reboot_required
Whether or not an reboot is required for the changes to take effect
always bool True


Notes

Note

  • Not tested on any debian based system

Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance Info

For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.