selinux_permissive – Change permissive domain in SELinux policy

Synopsis

  • Add and remove a domain from the list of permissive domains.

Requirements

The below requirements are needed on the host that executes this module.

  • policycoreutils-python

Parameters

Parameter Choices/Defaults Comments
domain
string / required
Default:
""
The domain that will be added or removed from the list of permissive domains.

aliases: name
no_reload
boolean
    Choices:
  • no ←
  • yes
Disable reloading of the SELinux policy after making change to a domain's permissive setting.
The default is no, which causes policy to be reloaded when a domain changes state.
Reloading the policy does not work on older versions of the policycoreutils-python library, for example in EL 6."
permissive
boolean / required
    Choices:
  • no
  • yes
Indicate if the domain should or should not be set as permissive.
store
string
Name of the SELinux policy store to use.

Notes

Note

  • Requires a recent version of SELinux and policycoreutils-python (EL 6 or newer).

Examples

- name: Change the httpd_t domain to permissive
  selinux_permissive:
    name: httpd_t
    permissive: true

Status

Authors

Hint

If you notice any issues in this documentation, you can edit this document to improve it.