selinux – Change policy and state of SELinux¶
Synopsis¶
Configures the SELinux mode and policy.
A reboot may be required after usage.
Ansible will not issue this reboot but will let you know when it is required.
Requirements¶
The below requirements are needed on the host that executes this module.
libselinux-python
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
configfile
-
|
Default: "/etc/selinux/config"
|
The path to the SELinux configuration file, if non-standard.
aliases: conf, file |
|
policy
-
|
The name of the SELinux policy to use (e.g.
targeted) will be required if state is not disabled. |
|
|
state
-
/ required
|
|
The SELinux mode.
|
Examples¶
- name: Enable SELinux
selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
selinux:
policy: targeted
state: permissive
- name: Disable SELinux
selinux:
state: disabled
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
configfile
string
|
always |
Path to SELinux configuration file.
Sample:
/etc/selinux/config
|
|
msg
string
|
always |
Messages that describe changes that were made.
Sample:
Config SELinux state changed from 'disabled' to 'permissive'
|
|
policy
string
|
always |
Name of the SELinux policy.
Sample:
targeted
|
|
reboot_required
boolean
|
always |
Whether or not an reboot is required for the changes to take effect.
Sample:
True
|
|
state
string
|
always |
SELinux mode.
Sample:
enforcing
|
Status¶
This module is guaranteed to have no backward incompatible interface changes going forward. [stableinterface]
This module is maintained by the Ansible Core Team. [core]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.