Change policy and state of SELinux
Version added: 1.0.0
- Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
The below requirements are needed on the host that executes this module.
| Parameter |
Choices/Defaults |
Comments |
|
configfile
string
|
Default:
"/etc/selinux/config"
|
The path to the SELinux configuration file, if non-standard.
aliases: conf, file
|
|
policy
string
|
|
The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
|
|
state
string
/ required
|
Choices:
- disabled
- enforcing
- permissive
|
The SELinux mode.
|
|
update_kernel_param
boolean
added in 1.4.0
|
|
If set to true, will update also the kernel boot parameters when disabling/enabling SELinux.
The grubby tool must be present on the target system for this to work.
|
- name: Enable SELinux
ansible.posix.selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
ansible.posix.selinux:
policy: targeted
state: permissive
- name: Disable SELinux
ansible.posix.selinux:
state: disabledCommon return values are documented here, the following are the fields unique to this module:
| Key |
Returned |
Description |
|
configfile
string
|
always |
Path to SELinux configuration file.
Sample:
/etc/selinux/config
|
|
msg
string
|
always |
Messages that describe changes that were made.
Sample:
Config SELinux state changed from 'disabled' to 'permissive'
|
|
policy
string
|
always |
Name of the SELinux policy.
Sample:
targeted
|
|
reboot_required
boolean
|
always |
Whether or not an reboot is required for the changes to take effect.
Sample:
True
|
|
state
string
|
always |
SELinux mode.
Sample:
enforcing
|