ansible.builtin.sefcontext (v2.7.18) — module

Install Ansible via pip

Install with pip install ansible==2.7.18

Description

Manages SELinux file context mapping definitions.

Similar to the C(semanage fcontext) command.

Requirements

• libselinux-python
• policycoreutils-python

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Allow apache to modify files in /srv/git_repos
  sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_git_rw_content_t
    state: present

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Apply new SELinux file context to filesystem
  command: restorecon -irv /srv/git_repos

Inputs

    
ftype:
    default: a
    description:
    - File type.
    - The following file type options can be passed; C(a) for all files, C(b) for block
      devices, C(c) for character devices, C(d) for directories, C(f) for regular files,
      C(l) for symbolic links, C(p) for named pipes, C(s) for socket files.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Whether the SELinux file context must be C(absent) or C(present).
    type: str

reload:
    default: 'yes'
    description:
    - Reload SELinux policy after commit.
    - Note that this does not apply SELinux file contexts to existing files.
    type: bool

setype:
    description:
    - SELinux type for the specified target.
    required: true

seuser:
    description:
    - SELinux user for the specified target.
    type: str

target:
    aliases:
    - path
    description:
    - Target path (expression).
    required: true
    type: str

selevel:
    aliases:
    - serange
    description:
    - SELinux range for the specified target.
    type: str