community / community.general / 3.8.10 / module / sefcontext Manages SELinux file context mapping definitions Authors: Dag Wieers (@dagwieers)community.general.sefcontext (3.8.10) — module
Install with ansible-galaxy collection install community.general:==3.8.10
collections: - name: community.general version: 3.8.10
Manages SELinux file context mapping definitions.
Similar to the C(semanage fcontext) command.
- name: Allow apache to modify files in /srv/git_repos community.general.sefcontext: target: '/srv/git_repos(/.*)?' setype: httpd_git_rw_content_t state: present
- name: Apply new SELinux file context to filesystem ansible.builtin.command: restorecon -irv /srv/git_repos
ftype: choices: - a - b - c - d - f - l - p - s default: a description: - The file type that should have SELinux contexts applied. - 'The following file type options are available:' - C(a) for all files, - C(b) for block devices, - C(c) for character devices, - C(d) for directories, - C(f) for regular files, - C(l) for symbolic links, - C(p) for named pipes, - C(s) for socket files. type: str state: choices: - absent - present default: present description: - Whether the SELinux file context must be C(absent) or C(present). type: str reload: default: true description: - Reload SELinux policy after commit. - Note that this does not apply SELinux file contexts to existing files. type: bool setype: description: - SELinux type for the specified target. required: true type: str seuser: description: - SELinux user for the specified target. type: str target: aliases: - path description: - Target path (expression). required: true type: str selevel: aliases: - serange description: - SELinux range for the specified target. type: str ignore_selinux_state: default: false description: - Useful for scenarios (chrooted environment) that you can't get the real SELinux state. type: bool