community.general.sefcontext – Manages SELinux file context mapping definitions
Note
This plugin is part of the community.general collection (version 2.5.1).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.sefcontext.
Synopsis
Manages SELinux file context mapping definitions.
Similar to the semanage fcontext command.
Requirements
The below requirements are needed on the host that executes this module.
libselinux-python
policycoreutils-python
Parameters
Notes
Note
The changes are persistent across reboots.
The community.general.sefcontext module does not relabel existing files with the new SELinux context(s), so it is advisable to first create the SELinux file contexts before creating files, or run restorecon manually for the existing files that require the new SELinux file contexts.
Not applying SELinux fcontexts to existing files is a deliberate decision, as it would be unclear what reported changes would entail, and there is no guarantee that applying SELinux fcontext does not pick up other unrelated prior changes.
Examples
- name: Allow apache to modify files in /srv/git_repos
  community.general.sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_git_rw_content_t
    state: present

- name: Apply new SELinux file context to filesystem
  ansible.builtin.command: restorecon -irv /srv/git_repos
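
Because the module only records the mapping and leaves existing files untouched, the relabel step can be tied to the mapping task with a handler so that restorecon runs only when the mapping actually changed. This playbook is an added example, not part of the module's own documentation; the `webservers` host group, the handler name and the `relabel` variable are assumptions.

```yaml
# Added example. Assumed names: host group "webservers", handler "Relabel git repos".
- name: Label /srv/git_repos for Apache and relabel only when the mapping changes
  hosts: webservers
  become: true

  tasks:
    - name: Allow apache to modify files in /srv/git_repos
      community.general.sefcontext:
        target: '/srv/git_repos(/.*)?'
        setype: httpd_git_rw_content_t
        state: present
      # The handler fires only if this task reports "changed",
      # i.e. the mapping was added or modified in the local policy.
      notify: Relabel git repos

  handlers:
    - name: Relabel git repos
      # -i ignore missing paths, -r recurse, -v print each relabelled file
      ansible.builtin.command: restorecon -irv /srv/git_repos
      register: relabel
      # With -v, restorecon prints one line per file it relabels, so an
      # empty stdout means nothing on disk needed a new label.
      changed_when: relabel.stdout | length > 0
```

Files created under the path after the mapping exists but with a different label (for example, moved in from another directory) are not covered by the handler and still need an explicit restorecon run.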
Authors
Dag Wieers (@dagwieers)