Try SpotterChange policy and state of SELinux
| "added in version" 0.7 of ansible.builtin"
Authors: Derek Carter (@goozbach) <goozbach@friocorte.com>
stableinterface | supported by core
pipInstall with pip install ansible==2.9.27
Configures the SELinux mode and policy.
A reboot may be required after usage.
Ansible will not issue this reboot but will let you know when it is required.
- name: Enable SELinux
selinux:
policy: targeted
state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
selinux:
policy: targeted
state: permissive
- name: Disable SELinux
selinux:
state: disabled
state:
choices:
- disabled
- enforcing
- permissive
description:
- The SELinux mode.
required: true
policy:
description:
- The name of the SELinux policy to use (e.g. C(targeted)) will be required if state
is not C(disabled).
configfile:
aliases:
- conf
- file
default: /etc/selinux/config
description:
- The path to the SELinux configuration file, if non-standard.
configfile: description: Path to SELinux configuration file. returned: always sample: /etc/selinux/config type: str msg: description: Messages that describe changes that were made. returned: always sample: Config SELinux state changed from 'disabled' to 'permissive' type: str policy: description: Name of the SELinux policy. returned: always sample: targeted type: str reboot_required: description: Whether or not an reboot is required for the changes to take effect. returned: always sample: true type: bool state: description: SELinux mode. returned: always sample: enforcing type: str