ansible.posix.selinux – Change policy and state of SELinux

Note

This plugin is part of the ansible.posix collection.

To install it use: ansible-galaxy collection install ansible.posix.

To use it in a playbook, specify: ansible.posix.selinux.

New in version 1.0.0: of ansible.posix

Synopsis

  • Configures the SELinux mode and policy.

  • A reboot may be required after usage.

  • Ansible will not issue this reboot but will let you know when it is required.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python

Parameters

Parameter Choices/Defaults Comments
configfile
string
Default:
"/etc/selinux/config"
The path to the SELinux configuration file, if non-standard.

aliases: conf, file
policy
string
The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
state
string / required
    Choices:
  • disabled
  • enforcing
  • permissive
The SELinux mode.

Examples

- name: Enable SELinux
  ansible.posix.selinux:
    policy: targeted
    state: enforcing

- name: Put SELinux in permissive mode, logging actions that would be blocked.
  ansible.posix.selinux:
    policy: targeted
    state: permissive

- name: Disable SELinux
  ansible.posix.selinux:
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
configfile
string
always
Path to SELinux configuration file.

Sample:
/etc/selinux/config
msg
string
always
Messages that describe changes that were made.

Sample:
Config SELinux state changed from 'disabled' to 'permissive'
policy
string
always
Name of the SELinux policy.

Sample:
targeted
reboot_required
boolean
always
Whether or not an reboot is required for the changes to take effect.

Sample:
True
state
string
always
SELinux mode.

Sample:
enforcing


Authors