selinux - Change policy and state of SELinux

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python

Parameters

Parameter Choices/Defaults Comments
conf Default:
/etc/selinux/config
path to the SELinux configuration file, if non-standard

aliases: configfile, file
policy
name of the SELinux policy to use (example: targeted) will be required if state is not disabled
state
required
    Choices:
  • enforcing
  • permissive
  • disabled
The SELinux mode

Notes

Note

  • Not tested on any debian based system

Examples

# Enable SELinux
- selinux:
    policy: targeted
    state: enforcing

# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
    policy: targeted
    state: permissive

# Disable SELinux
- selinux:
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
configfile
string
always
Path to SELinux configuration file

Sample:
/etc/selinux/config
msg
string
always
Messages that describe changes that were made

Sample:
Config SELinux state changed from 'disabled' to 'permissive'
policy
string
always
Name of the SELinux policy

Sample:
targeted
reboot_required
bool
always
Whether or not an reboot is required for the changes to take effect

Sample:
True
state
string
always
SELinux mode

Sample:
enforcing


Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance

This module is flagged as core which means that it is maintained by the Ansible Core Team. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Core Team, see here.

Support

For more information about Red Hat’s support of this module, please refer to this Knowledge Base article

Author

Hint

If you notice any issues in this documentation you can edit this document to improve it.