community.general.selinux_permissive – Change permissive domain in SELinux policy

Note

This plugin is part of the community.general collection (version 4.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.selinux_permissive.

Synopsis

  • Add and remove a domain from the list of permissive domains.

Requirements

The below requirements are needed on the host that executes this module.

  • policycoreutils-python

Parameters

Parameter Choices/Defaults Comments
domain
string / required
Default:
""
The domain that will be added or removed from the list of permissive domains.

aliases: name
no_reload
boolean
    Choices:
  • no ←
  • yes
Disable reloading of the SELinux policy after making change to a domain's permissive setting.
The default is no, which causes policy to be reloaded when a domain changes state.
Reloading the policy does not work on older versions of the policycoreutils-python library, for example in EL 6."
permissive
boolean / required
    Choices:
  • no
  • yes
Indicate if the domain should or should not be set as permissive.
store
string
Name of the SELinux policy store to use.

Notes

Note

  • Requires a recent version of SELinux and policycoreutils-python (EL 6 or newer).

Examples

- name: Change the httpd_t domain to permissive
  community.general.selinux_permissive:
    name: httpd_t
    permissive: true

Authors