selogin – Manages linux user to SELinux user mapping¶
New in version 2.8.
Synopsis¶
Manages linux user to SELinux user mapping
Requirements¶
The below requirements are needed on the host that executes this module.
libselinux
policycoreutils
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
ignore_selinux_state
boolean
|
|
Run independent of selinux runtime state
|
|
login
-
/ required
|
a Linux user
|
|
|
reload
-
|
Default: "yes"
|
Reload SELinux policy after commit.
|
|
selevel
-
|
Default: "s0"
|
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.
aliases: serange |
|
seuser
-
/ required
|
SELinux user name
|
|
|
state
-
/ required
|
|
Desired mapping value.
|
Notes¶
Note
The changes are persistent across reboots
Not tested on any debian based system
Examples¶
# Modify the default user on the system to the guest_u user
- selogin:
login: __default__
seuser: guest_u
state: present
# Assign gijoe user on an MLS machine a range and to the staff_u user
- selogin:
login: gijoe
seuser: staff_u
serange: SystemLow-Secret
state: present
# Assign all users in the engineering group to the staff_u user
- selogin:
login: '%engineering'
seuser: staff_u
state: present
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]