Documentation

selinux - Change policy and state of SELinux

Synopsis

  • Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.

Options

parameter required default choices comments
conf
no /etc/selinux/config
path to the SELinux configuration file, if non-standard
policy
no
name of the SELinux policy to use (example: targeted) will be required if state is not disabled
state
yes
  • enforcing
  • permissive
  • disabled
The SELinux mode

Examples

# Enable SELinux
- selinux:
    policy: targeted
    state: enforcing

# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
    policy: targeted
    state: permissive

# Disable SELinux
- selinux:
    state: disabled

Notes

Note

  • Not tested on any debian based system

Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Support

This module is maintained by those with core commit privileges

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.