.. _ansible.posix.selinux_module:
*********************
ansible.posix.selinux
*********************
**Change policy and state of SELinux**
Version added: 1.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
- Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
Requirements
------------
The below requirements are needed on the host that executes this module.
- libselinux-python
Parameters
----------
.. raw:: html
Parameter
Choices/Defaults
Comments
configfile
string
Default:
"/etc/selinux/config"
The path to the SELinux configuration file, if non-standard.
aliases: conf, file
policy
string
The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
state
string
/ required
Choices:
disabled
enforcing
permissive
The SELinux mode.
Examples
--------
.. code-block:: yaml
- name: Enable SELinux
ansible.posix.selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
ansible.posix.selinux:
policy: targeted
state: permissive
- name: Disable SELinux
ansible.posix.selinux:
state: disabled
Return Values
-------------
Common return values are documented `here `_, the following are the fields unique to this module:
.. raw:: html
Key
Returned
Description
configfile
string
always
Path to SELinux configuration file.
Sample:
/etc/selinux/config
msg
string
always
Messages that describe changes that were made.
Sample:
Config SELinux state changed from 'disabled' to 'permissive'
policy
string
always
Name of the SELinux policy.
Sample:
targeted
reboot_required
boolean
always
Whether or not an reboot is required for the changes to take effect.
Sample:
True
state
string
always
SELinux mode.
Sample:
enforcing
Status
------
Authors
~~~~~~~
- Derek Carter (@goozbach)