community.general.selinux_permissive module – Change permissive domain in SELinux policy

Note

This module is part of the community.general collection (version 5.4.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.selinux_permissive.

Synopsis

  • Add and remove a domain from the list of permissive domains.

Requirements

The below requirements are needed on the host that executes this module.

  • policycoreutils-python

Parameters

Parameter

Comments

domain

aliases: name

string / required

The domain that will be added or removed from the list of permissive domains.

no_reload

boolean

Disable reloading of the SELinux policy after making change to a domain’s permissive setting.

The default is no, which causes policy to be reloaded when a domain changes state.

Reloading the policy does not work on older versions of the policycoreutils-python library, for example in EL 6.”

Choices:

  • no ← (default)

  • yes

permissive

boolean / required

Indicate if the domain should or should not be set as permissive.

Choices:

  • no

  • yes

store

string

Name of the SELinux policy store to use.

Notes

Note

  • Requires a recent version of SELinux and policycoreutils-python (EL 6 or newer).

Examples

- name: Change the httpd_t domain to permissive
  community.general.selinux_permissive:
    name: httpd_t
    permissive: true

Authors

  • Michael Scherer (@mscherer)