community.general.sefcontext (6.6.8) — module
Authors: Dag Wieers (@dagwieers)
Install with:

    ansible-galaxy collection install community.general:==6.6.8

    collections:
      - name: community.general
        version: 6.6.8

Manages SELinux file context mapping definitions.
Similar to the C(semanage fcontext) command.

- name: Allow apache to modify files in /srv/git_repos
  community.general.sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_sys_rw_content_t
    state: present

- name: Substitute file contexts for path /srv/containers with /var/lib/containers
  community.general.sefcontext:
    target: /srv/containers
    substitute: /var/lib/containers
    state: present

- name: Delete file context path substitution for /srv/containers
  community.general.sefcontext:
    target: /srv/containers
    substitute: /var/lib/containers
    state: absent

- name: Delete any file context mappings for path /srv/git
  community.general.sefcontext:
    target: /srv/git
    state: absent

- name: Apply new SELinux file context to filesystem
  ansible.builtin.command: restorecon -irv /srv/git_repos

ftype:
  choices:
  - a
  - b
  - c
  - d
  - f
  - l
  - p
  - s
  default: a
  description:
  - The file type that should have SELinux contexts applied.
  - 'The following file type options are available:'
  - C(a) for all files,
  - C(b) for block devices,
  - C(c) for character devices,
  - C(d) for directories,
  - C(f) for regular files,
  - C(l) for symbolic links,
  - C(p) for named pipes,
  - C(s) for socket files.
  type: str

state:
  choices:
  - absent
  - present
  default: present
  description:
  - Whether the SELinux file context must be C(absent) or C(present).
  - Specifying C(absent) without either I(setype) or I(substitute) deletes both SELinux type and path substitution mappings that match I(target).
  type: str

reload:
  default: true
  description:
  - Reload SELinux policy after commit.
  - Note that this does not apply SELinux file contexts to existing files.
  type: bool

setype:
  description:
  - SELinux type for the specified I(target).
  type: str

seuser:
  description:
  - SELinux user for the specified I(target).
  - Defaults to C(system_u) for new file contexts and to existing value when modifying file contexts.
  type: str

target:
  aliases:
  - path
  description:
  - Target path (expression).
  required: true
  type: str

selevel:
  aliases:
  - serange
  description:
  - SELinux range for the specified I(target).
  - Defaults to C(s0) for new file contexts and to existing value when modifying file contexts.
  type: str

substitute:
  aliases:
  - equal
  description:
  - Path to use to substitute file context(s) for the specified I(target). The context labeling for the I(target) subtree is made equivalent to this path.
  - This is also referred to as SELinux file context equivalence and it implements the C(equal) functionality of the SELinux management tools.
  type: str
  version_added: 6.4.0
  version_added_collection: community.general

ignore_selinux_state:
  default: false
  description:
  - Useful for scenarios (chrooted environment) where you can't get the real SELinux state.
  type: bool
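
The following is an added example, not part of the module or its documentation: a small Python model of which paths a I(target) expression and I(ftype) pair would cover, useful for reviewing a mapping before relabeling with restorecon. It assumes the target expression is matched against the whole path (anchored at both ends) and uses Python's re module as a stand-in for the regex engine of the SELinux libraries; the function names and the sample tree are constructed for illustration.

```python
import re

# File-type codes from the ftype option, mapped to a constructed "kind" label.
FTYPES = {"a": None, "b": "block", "c": "char", "d": "dir",
          "f": "file", "l": "symlink", "p": "pipe", "s": "socket"}


def covers(target, ftype, path, kind):
    """Return True if a mapping (target, ftype) applies to path of this kind.

    Assumption: the expression must match the entire path, modelled with
    re.fullmatch. Python's re approximates the real regex engine.
    """
    wanted = FTYPES[ftype]
    if wanted is not None and wanted != kind:
        return False
    return re.fullmatch(target, path) is not None


def audit(target, ftype, tree):
    """Split a {path: kind} tree into (covered, missed) sorted path lists."""
    covered = sorted(p for p, k in tree.items() if covers(target, ftype, p, k))
    missed = sorted(p for p in tree if p not in covered)
    return covered, missed


# Constructed sample tree, not taken from a real host.
TREE = {
    "/srv/git_repos": "dir",
    "/srv/git_repos/app.git": "dir",
    "/srv/git_repos/app.git/HEAD": "file",
    "/srv/git_repos_backup/app.git": "dir",
}

if __name__ == "__main__":
    cases = [
        ("/srv/git_repos(/.*)?", "a"),  # directory and everything below it
        ("/srv/git_repos", "a"),        # only the directory itself
        ("/srv/git_repos(/.*)?", "d"),  # directories only
    ]
    for target, ftype in cases:
        covered, missed = audit(target, ftype, TREE)
        print(f"{target!r} ftype={ftype}")
        print(f"  covered: {covered}")
        print(f"  missed:  {missed}")
```

Paths reported as missed keep whatever type other mappings or the policy default assign them, so a target without the (/.*)? suffix leaves the contents of the directory outside the new mapping.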