community.general.selogin – Manages linux user to SELinux user mapping
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.selogin
.
Requirements
The below requirements are needed on the host that executes this module.
libselinux
policycoreutils
Parameters
Parameter |
Comments |
---|---|
Run independent of selinux runtime state Choices:
|
|
a Linux user |
|
Reload SELinux policy after commit. Choices:
|
|
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. Default: “s0” |
|
SELinux user name |
|
Desired mapping value. Choices:
|
Examples
- name: Modify the default user on the system to the guest_u user
community.general.selogin:
login: __default__
seuser: guest_u
state: present
- name: Assign gijoe user on an MLS machine a range and to the staff_u user
community.general.selogin:
login: gijoe
seuser: staff_u
serange: SystemLow-Secret
state: present
- name: Assign all users in the engineering group to the staff_u user
community.general.selogin:
login: '%engineering'
seuser: staff_u
state: present
Authors
Dan Keder (@dankeder)
Petr Lautrbach (@bachradsusi)
James Cassell (@jamescassell)