Try SpotterChange policy and state of SELinux
| "added in version" 0.7 of ansible.builtin"
Authors: Derek Carter (@goozbach) <goozbach@friocorte.com>
stableinterface | supported by core
pipInstall with pip install ansible==2.5.10
Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
# Enable SELinux
- selinux:
policy: targeted
state: enforcing
# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
policy: targeted
state: permissive
# Disable SELinux
- selinux:
state: disabled
conf:
aliases:
- configfile
- file
default: /etc/selinux/config
description:
- path to the SELinux configuration file, if non-standard
required: false
state:
choices:
- enforcing
- permissive
- disabled
default: null
description:
- The SELinux mode
required: true
policy:
default: null
description:
- 'name of the SELinux policy to use (example: C(targeted)) will be required if state
is not C(disabled)'
required: false
configfile: description: Path to SELinux configuration file returned: always sample: /etc/selinux/config type: string msg: description: Messages that describe changes that were made returned: always sample: Config SELinux state changed from 'disabled' to 'permissive' type: string policy: description: Name of the SELinux policy returned: always sample: targeted type: string reboot_required: description: Whether or not an reboot is required for the changes to take effect returned: always sample: true type: bool state: description: SELinux mode returned: always sample: enforcing type: string