community.general.selinux_permissive module – Change permissive domain in SELinux policy

Note

This module is part of the community.general collection (version 10.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.selinux_permissive.

Synopsis

  • Add and remove a domain from the list of permissive domains.

Requirements

The below requirements are needed on the host that executes this module.

  • policycoreutils-python

Parameters

Parameter

Comments

domain

aliases: name

string / required

The domain that will be added or removed from the list of permissive domains.

no_reload

boolean

Disable reloading of the SELinux policy after making change to a domain’s permissive setting.

The default is false, which causes policy to be reloaded when a domain changes state.

Reloading the policy does not work on older versions of the policycoreutils-python library, for example in EL 6.”

Choices:

  • false ← (default)

  • true

permissive

boolean / required

Indicate if the domain should or should not be set as permissive.

Choices:

  • false

  • true

store

string

Name of the SELinux policy store to use.

Default: ""

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • Requires a recent version of SELinux and policycoreutils-python (EL 6 or newer).

Examples

- name: Change the httpd_t domain to permissive
  community.general.selinux_permissive:
    name: httpd_t
    permissive: true

Authors

  • Michael Scherer (@mscherer)