community.general.selogin module – Manages Linux user to SELinux user mapping

Note

This module is part of the community.general collection (version 8.6.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.selogin.

Synopsis

  • Manages Linux user to SELinux user mapping.

Aliases: system.selogin

Requirements

The following requirements are needed on the host that executes this module.

  • libselinux

  • policycoreutils

Parameters

Parameter

Comments

ignore_selinux_state

boolean

Run independent of SELinux runtime state.

Choices:

  • false ← (default)

  • true

login

string / required

A Linux user.

reload

boolean

Reload SELinux policy after commit.

Choices:

  • false

  • true ← (default)

selevel

aliases: serange

string

MLS/MCS security range (MLS/MCS systems only). The SELinux range for the SELinux login mapping; defaults to the SELinux user record range.

Default: "s0"

seuser

string

SELinux user name.

state

string

Desired mapping value.

Choices:

  • "present" ← (default)

  • "absent"

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • The changes are persistent across reboots.

  • Not tested on any Debian-based system.

Examples

- name: Modify the default user on the system to the guest_u user
  community.general.selogin:
    login: __default__
    seuser: guest_u
    state: present

- name: Assign gijoe user on an MLS machine a range and to the staff_u user
  community.general.selogin:
    login: gijoe
    seuser: staff_u
    serange: SystemLow-Secret
    state: present

- name: Assign all users in the engineering group to the staff_u user
  community.general.selogin:
    login: '%engineering'
    seuser: staff_u
    state: present
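
The following playbook is an added example, not part of the module documentation. It uses the full check_mode support listed under Attributes to report drift in the `__default__` mapping without changing the host, then enforces a group mapping, removes a mapping with `state: absent`, and verifies the result with `semanage login -l`. The group `engineering`, the account `olduser`, and the choice of `user_u` are assumptions made for illustration.

```yaml
# Added example; the names "engineering" and "olduser" are placeholders.
- name: Audit and enforce SELinux login mappings
  hosts: all
  become: true
  tasks:
    # check_mode on the task reports what would change and modifies nothing.
    - name: Report drift for the default mapping without changing the host
      community.general.selogin:
        login: __default__
        seuser: user_u
        state: present
      check_mode: true
      register: default_mapping_drift

    - name: Show whether the default mapping differs from the baseline
      ansible.builtin.debug:
        msg: "__default__ would change to user_u: {{ default_mapping_drift.changed }}"

    - name: Map every member of the engineering group to staff_u
      community.general.selogin:
        login: '%engineering'
        seuser: staff_u
        selevel: s0
        state: present

    # Only login is needed to remove a mapping.
    - name: Remove the mapping left behind by a departed account
      community.general.selogin:
        login: olduser
        state: absent

    - name: List the resulting login mappings
      ansible.builtin.command: semanage login -l
      register: login_mappings
      changed_when: false

    - name: Fail if the group mapping is missing or points at another SELinux user
      ansible.builtin.assert:
        that:
          - login_mappings.stdout is regex('^%engineering +staff_u ', multiline=True)
        fail_msg: "%engineering is not mapped to staff_u"
```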

Authors

  • Dan Keder (@dankeder)

  • Petr Lautrbach (@bachradsusi)

  • James Cassell (@jamescassell)