ansible.posix.selinux module – Change policy and state of SELinux
Note
This module is part of the ansible.posix collection (version 1.5.4).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.posix
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: ansible.posix.selinux
.
New in ansible.posix 1.0.0
Synopsis
Configures the SELinux mode and policy.
A reboot may be required after usage.
Ansible will not issue this reboot but will let you know when it is required.
Requirements
The below requirements are needed on the host that executes this module.
libselinux-python
Parameters
Parameter |
Comments |
---|---|
The path to the SELinux configuration file, if non-standard. Default: |
|
The name of the SELinux policy to use (e.g. |
|
The SELinux mode. Choices:
|
|
If set to true, will update also the kernel boot parameters when disabling/enabling SELinux. The Choices:
|
Examples
- name: Enable SELinux
ansible.posix.selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
ansible.posix.selinux:
policy: targeted
state: permissive
- name: Disable SELinux
ansible.posix.selinux:
state: disabled
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Path to SELinux configuration file. Returned: always Sample: |
|
Messages that describe changes that were made. Returned: always Sample: |
|
Name of the SELinux policy. Returned: always Sample: |
|
Whether or not an reboot is required for the changes to take effect. Returned: always Sample: |
|
SELinux mode. Returned: always Sample: |