Bootstrap FreeKB - Ansible - seuser parameter (SELinux)
Ansible - seuser parameter (SELinux)

Updated:   |  Ansible articles

The Selinux context has 4 parts - SELinux user : role : type : level. Following is the context of index.php .

 

Modifying the state of SELinux can only be done by root or by users or groups that have been granted sudo access, thus you'll want to either run this playbook as root, use the remote_user: root directive or use become.

Before using the selevel parameter, you will probably want to use the selinux module to ensure that SELinux is set to enforcing.

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to enforcing
    selinux:
      policy: targetted
      state: enforcing
...

 

Let's say you are using the copy module to copy a file to a managed node (e.g. target system) and you want to set the SELinux user. The seuser parameter can be used to define the SELinux user. In this example, the SELinux user is set to be unconfined_u.

---
- hosts: all
  remote_user: root
  tasks:
  - name: copy foo.txt
    copy:
      src: /tmp/foo.txt
      dest: /tmp/foo.txt
      seuser: unconfined_u
...

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 529361 in the box below so that we can be sure you are a human.