FreeKB - Ansible seuser parameter (SELinux)
Ansible - seuser parameter (SELinux)

The Selinux context has 4 parts - SELinux user : role : type : level. Following is the context of index.php .

 

Modifying the state of SELinux can only be done by root or by users or groups that have been granted sudo access, thus you'll want to either run this playbook as root, use the remote_user: root directive or use become.

Before using the selevel parameter, you will probably want to use the selinux module to ensure that SELinux is set to enforcing.

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to enforcing
    selinux:
      policy: targetted
      state: enforcing
...

 

Let's say you are using the copy module to copy a file to a managed node (e.g. target system) and you want to set the SELinux user. The seuser parameter can be used to define the SELinux user. In this example, the SELinux user is set to be unconfined_u.

---
- hosts: all
  remote_user: root
  tasks:
  - name: copy foo.txt
    copy:
      src: /tmp/foo.txt
      dest: /tmp/foo.txt
      seuser: unconfined_u
...

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 8ef6c in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |