community.general.selogin – Manages linux user to SELinux user mapping

Note

This plugin is part of the community.general collection (version 3.7.0).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.selogin.

Synopsis

  • Manages linux user to SELinux user mapping

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux

  • policycoreutils

Parameters

Parameter Choices/Defaults Comments
ignore_selinux_state
boolean
    Choices:
  • no ←
  • yes
Run independent of selinux runtime state
login
string / required
a Linux user
reload
boolean
    Choices:
  • no
  • yes ←
Reload SELinux policy after commit.
selevel
string
Default:
"s0"
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.

aliases: serange
seuser
string
SELinux user name
state
string
    Choices:
  • present ←
  • absent
Desired mapping value.

Notes

Note

  • The changes are persistent across reboots

  • Not tested on any debian based system

Examples

- name: Modify the default user on the system to the guest_u user
  community.general.selogin:
    login: __default__
    seuser: guest_u
    state: present

- name: Assign gijoe user on an MLS machine a range and to the staff_u user
  community.general.selogin:
    login: gijoe
    seuser: staff_u
    serange: SystemLow-Secret
    state: present

- name: Assign all users in the engineering group to the staff_u user
  community.general.selogin:
    login: '%engineering'
    seuser: staff_u
    state: present

Authors

  • Dan Keder (@dankeder)

  • Petr Lautrbach (@bachradsusi)

  • James Cassell (@jamescassell)