community.general.selogin module – Manages linux user to SELinux user mapping
Note
This module is part of the community.general collection (version 10.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.selogin
.
Synopsis
Manages linux user to SELinux user mapping
Requirements
The below requirements are needed on the host that executes this module.
libselinux
policycoreutils
Parameters
Parameter |
Comments |
---|---|
Run independent of selinux runtime state Choices:
|
|
a Linux user |
|
Reload SELinux policy after commit. Choices:
|
|
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. Default: |
|
SELinux user name |
|
Desired mapping value. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
The changes are persistent across reboots
Not tested on any debian based system
Examples
- name: Modify the default user on the system to the guest_u user
community.general.selogin:
login: __default__
seuser: guest_u
state: present
- name: Assign gijoe user on an MLS machine a range and to the staff_u user
community.general.selogin:
login: gijoe
seuser: staff_u
serange: SystemLow-Secret
state: present
- name: Assign all users in the engineering group to the staff_u user
community.general.selogin:
login: '%engineering'
seuser: staff_u
state: present