community.general.capabilities module – Manage Linux capabilities
Note
This module is part of the community.general collection (version 10.0.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.capabilities
.
Synopsis
This module manipulates files privileges using the Linux capabilities(7) system.
Parameters
Parameter |
Comments |
---|---|
Desired capability to set (with operator and flags, if |
|
Specifies the path to the file to be managed. |
|
Whether the entry should be present or absent in the file’s capabilities. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
The capabilities system will automatically transform operators and flags into the effective set, so for example,
cap_foo=ep
will probably becomecap_foo+ep
.This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capabilities argument matches the final capabilities.
Examples
- name: Set cap_sys_chroot+ep on /foo
community.general.capabilities:
path: /foo
capability: cap_sys_chroot+ep
state: present
- name: Remove cap_net_bind_service from /bar
community.general.capabilities:
path: /bar
capability: cap_net_bind_service
state: absent