ansible.builtin.sefcontext (v2.9.27) — module

Manages SELinux file context mapping definitions

Added in version 2.2 of ansible.builtin

Authors: Dag Wieers (@dagwieers)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Manages SELinux file context mapping definitions.

Similar to the C(semanage fcontext) command.


Requirements

Usage examples

- name: Allow apache to modify files in /srv/git_repos
  sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_git_rw_content_t
    state: present
- name: Apply new SELinux file context to filesystem
  command: restorecon -irv /srv/git_repos
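
The two tasks above combined into one play, as an added example that is not part of the module documentation: the mapping task notifies a handler so restorecon runs only when the definition changes, and a read-only check then confirms that no file is left with a stale label. The play layout, the handler wiring and the verification task are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumptions: play layout, handler wiring and the verification task.
- name: Label /srv/git_repos for Apache, relabel only when the mapping changes
  hosts: all
  become: true

  tasks:
    - name: Allow apache to modify files in /srv/git_repos
      sefcontext:
        target: '/srv/git_repos(/.*)?'   # the directory and everything below it
        setype: httpd_git_rw_content_t
        ftype: a                         # all file types (the default)
        reload: true                     # reloads policy; existing files keep their labels
        state: present
      notify: Apply new SELinux file context to filesystem

    # Run the pending handler now so the check below sees the relabelled tree.
    - meta: flush_handlers

    # restorecon -n changes nothing; with -v it lists files whose label
    # differs from the mapping. Assumes that list is written to stdout.
    - name: Verify no file under /srv/git_repos is mislabelled
      command: restorecon -nrv /srv/git_repos
      register: label_check
      changed_when: false
      failed_when: label_check.rc != 0 or label_check.stdout | length > 0

  handlers:
    - name: Apply new SELinux file context to filesystem
      command: restorecon -irv /srv/git_repos
```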

Inputs

    
ftype:
    choices:
    - a
    - b
    - c
    - d
    - f
    - l
    - p
    - s
    default: a
    description:
    - The file type that should have SELinux contexts applied.
    - 'The following file type options are available:'
    - C(a) for all files,
    - C(b) for block devices,
    - C(c) for character devices,
    - C(d) for directories,
    - C(f) for regular files,
    - C(l) for symbolic links,
    - C(p) for named pipes,
    - C(s) for socket files.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Whether the SELinux file context must be C(absent) or C(present).
    type: str

reload:
    default: true
    description:
    - Reload SELinux policy after commit.
    - Note that this does not apply SELinux file contexts to existing files.
    type: bool

setype:
    description:
    - SELinux type for the specified target.
    required: true
    type: str

seuser:
    description:
    - SELinux user for the specified target.
    type: str

target:
    aliases:
    - path
    description:
    - Target path (expression).
    required: true
    type: str

selevel:
    aliases:
    - serange
    description:
    - SELinux range for the specified target.
    type: str

ignore_selinux_state:
    default: false
    description:
    - Useful for scenarios (such as a chrooted environment) where you can't get the
      real SELinux state.
    type: bool
    version_added: '2.8'
    version_added_collection: ansible.builtin