sefcontext - Manages SELinux file context mapping definitions

New in version 2.2.

Synopsis

  • Manages SELinux file context mapping definitions.
  • Similar to the semanage fcontext command.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python
  • policycoreutils-python

Parameters

Parameter           Choices/Defaults             Comments
ftype               Default: a                   File type.
reload (bool)       Choices: no, yes ←           Reload SELinux policy after commit.
selevel                                          SELinux range for the specified target. aliases: serange
setype (required)                                SELinux type for the specified target.
seuser                                           SELinux user for the specified target.
state               Choices: absent, present ←   Desired boolean value.
target (required)                                Target path (expression). aliases: path

Notes

Note

  • The changes are persistent across reboots.
  • The sefcontext module does not modify existing files to the new SELinux context(s), so it is advisable to first create the SELinux file contexts before creating files, or run restorecon manually for the existing files that require the new SELinux file contexts.

Examples

# Allow apache to modify files in /srv/git_repos
- sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_git_rw_content_t
    state: present
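
The note above says the module records the mapping but leaves existing files with their old label. The following play is an added example, not part of the module documentation, that pairs the mapping with a restorecon run; the path and SELinux type are reused from the example above, and the play layout and handler name are assumptions.

```yaml
# Added example (not from the module documentation).
# Path and type come from the documented example; the handler name
# "relabel git repos" is an assumption made for illustration.
- hosts: all
  become: yes
  tasks:
    - name: Define the file context mapping for the repository tree
      sefcontext:
        target: '/srv/git_repos(/.*)?'
        setype: httpd_git_rw_content_t
        state: present
      notify: relabel git repos

  handlers:
    # sefcontext only writes the mapping; files that already exist keep
    # their previous label until restorecon applies the new one.
    - name: relabel git repos
      # -R recurse, -i ignore paths that do not exist, -v list each change
      command: restorecon -R -i -v /srv/git_repos
      register: relabel
      # restorecon -v prints a line per relabelled file, so empty output
      # means nothing needed changing.
      changed_when: relabel.stdout != ""
```

The handler fires only when the mapping itself changes, so files that arrive in the tree later carrying a different label still need a separate restorecon run.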

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

Author

  • Dag Wieers (@dagwieers)
