Try SpotterManages SELinux file context mapping definitions
Authors: Dag Wieers (@dagwieers)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
- name: community.general
version: 8.5.0Manages SELinux file context mapping definitions.
Similar to the C(semanage fcontext) command.
- name: Allow apache to modify files in /srv/git_repos
community.general.sefcontext:
target: '/srv/git_repos(/.*)?'
setype: httpd_sys_rw_content_t
state: present
- name: Substitute file contexts for path /srv/containers with /var/lib/containers
community.general.sefcontext:
target: /srv/containers
substitute: /var/lib/containers
state: present
- name: Delete file context path substitution for /srv/containers
community.general.sefcontext:
target: /srv/containers
substitute: /var/lib/containers
state: absent
- name: Delete any file context mappings for path /srv/git
community.general.sefcontext:
target: /srv/git
state: absent
- name: Apply new SELinux file context to filesystem ansible.builtin.command: restorecon -irv /srv/git_repos
ftype:
choices:
- a
- b
- c
- d
- f
- l
- p
- s
default: a
description:
- The file type that should have SELinux contexts applied.
- 'The following file type options are available:'
- V(a) for all files,
- V(b) for block devices,
- V(c) for character devices,
- V(d) for directories,
- V(f) for regular files,
- V(l) for symbolic links,
- V(p) for named pipes,
- V(s) for socket files.
type: str
state:
choices:
- absent
- present
default: present
description:
- Whether the SELinux file context must be V(absent) or V(present).
- Specifying V(absent) without either O(setype) or O(substitute) deletes both SELinux
type or path substitution mappings that match O(target).
type: str
reload:
default: true
description:
- Reload SELinux policy after commit.
- Note that this does not apply SELinux file contexts to existing files.
type: bool
setype:
description:
- SELinux type for the specified O(target).
type: str
seuser:
description:
- SELinux user for the specified O(target).
- Defaults to V(system_u) for new file contexts and to existing value when modifying
file contexts.
type: str
target:
aliases:
- path
description:
- Target path (expression).
required: true
type: str
selevel:
aliases:
- serange
description:
- SELinux range for the specified O(target).
- Defaults to V(s0) for new file contexts and to existing value when modifying file
contexts.
type: str
substitute:
aliases:
- equal
description:
- Path to use to substitute file context(s) for the specified O(target). The context
labeling for the O(target) subtree is made equivalent to this path.
- This is also referred to as SELinux file context equivalence and it implements the
C(equal) functionality of the SELinux management tools.
type: str
version_added: 6.4.0
version_added_collection: community.general
ignore_selinux_state:
default: false
description:
- Useful for scenarios (chrooted environment) that you can't get the real SELinux
state.
type: bool