ansible.posix.selinux (1.5.4) — module

Change policy and state of SELinux

Added in version 1.0.0 of ansible.posix

Authors: Derek Carter (@goozbach) <goozbach@friocorte.com>

Install collection

Install with ansible-galaxy collection install ansible.posix:==1.5.4


Add to requirements.yml

  collections:
    - name: ansible.posix
      version: 1.5.4

Description

Configures the SELinux mode and policy.

A reboot may be required after usage.

Ansible will not issue this reboot but will let you know when it is required.


Requirements

Usage examples

- name: Enable SELinux
  ansible.posix.selinux:
    policy: targeted
    state: enforcing
- name: Put SELinux in permissive mode, logging actions that would be blocked.
  ansible.posix.selinux:
    policy: targeted
    state: permissive
- name: Disable SELinux
  ansible.posix.selinux:
    state: disabled

Inputs

    
state:
    choices:
    - disabled
    - enforcing
    - permissive
    description:
    - The SELinux mode.
    required: true
    type: str

policy:
    description:
    - The name of the SELinux policy to use (e.g. C(targeted)). Required if I(state)
      is not C(disabled).
    type: str

configfile:
    aliases:
    - conf
    - file
    default: /etc/selinux/config
    description:
    - The path to the SELinux configuration file, if non-standard.
    type: str

update_kernel_param:
    default: false
    description:
    - If set to I(true), will also update the kernel boot parameters when disabling/enabling
      SELinux.
    - The C(grubby) tool must be present on the target system for this to work.
    type: bool
    version_added: 1.4.0
    version_added_collection: ansible.posix

Outputs

configfile:
  description: Path to SELinux configuration file.
  returned: always
  sample: /etc/selinux/config
  type: str
msg:
  description: Messages that describe changes that were made.
  returned: always
  sample: Config SELinux state changed from 'disabled' to 'permissive'
  type: str
policy:
  description: Name of the SELinux policy.
  returned: always
  sample: targeted
  type: str
reboot_required:
  description: Whether or not a reboot is required for the changes to take effect.
  returned: always
  sample: true
  type: bool
state:
  description: SELinux mode.
  returned: always
  sample: enforcing
  type: str