community.general.selogin – Manages linux user to SELinux user mapping

Note

This plugin is part of the community.general collection (version 4.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.selogin.

Synopsis

  • Manages linux user to SELinux user mapping

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux

  • policycoreutils

Parameters

Parameter Choices/Defaults Comments
ignore_selinux_state
boolean
    Choices:
  • no ←
  • yes
Run independent of selinux runtime state
login
string / required
a Linux user
reload
boolean
    Choices:
  • no
  • yes ←
Reload SELinux policy after commit.
selevel
string
Default:
"s0"
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.

aliases: serange
seuser
string
SELinux user name
state
string
    Choices:
  • present ←
  • absent
Desired mapping value.

Notes

Note

  • The changes are persistent across reboots

  • Not tested on any debian based system

Examples

- name: Modify the default user on the system to the guest_u user
  community.general.selogin:
    login: __default__
    seuser: guest_u
    state: present

- name: Assign gijoe user on an MLS machine a range and to the staff_u user
  community.general.selogin:
    login: gijoe
    seuser: staff_u
    serange: SystemLow-Secret
    state: present

- name: Assign all users in the engineering group to the staff_u user
  community.general.selogin:
    login: '%engineering'
    seuser: staff_u
    state: present

Authors

  • Dan Keder (@dankeder)

  • Petr Lautrbach (@bachradsusi)

  • James Cassell (@jamescassell)