selinux - Change policy and state of SELinux¶

Synopsis
- Requirements
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Support
- Author

Synopsis ¶

Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.

Requirements ¶

The below requirements are needed on the host that executes this module.

libselinux-python

Parameters ¶

Parameter	Choices/Defaults	Comments
conf	Default: /etc/selinux/config	path to the SELinux configuration file, if non-standard aliases: configfile, file
policy		name of the SELinux policy to use (example: `targeted`) will be required if state is not `disabled`
state required	Choices: enforcing permissive disabled	The SELinux mode

Notes ¶

Note

Not tested on any debian based system

Examples ¶

# Enable SELinux
- selinux:
    policy: targeted
    state: enforcing

# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
    policy: targeted
    state: permissive

# Disable SELinux
- selinux:
    state: disabled

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
configfile string	always	Path to SELinux configuration file Sample: /etc/selinux/config
msg string	always	Messages that describe changes that were made Sample: Config SELinux state changed from 'disabled' to 'permissive'
policy string	always	Name of the SELinux policy Sample: targeted
reboot_required bool	always	Whether or not an reboot is required for the changes to take effect Sample: True
state string	always	SELinux mode Sample: enforcing

Status ¶

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance ¶

This module is flagged as core which means that it is maintained by the Ansible Core Team. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Core Team, see here.

Support ¶

For more information about Red Hat’s support of this module, please refer to this Knowledge Base article

Author ¶

Derek Carter (@goozbach) <goozbach@friocorte.com>

Hint

If you notice any issues in this documentation you can edit this document to improve it.