Ansible - serole parameter (SELinux)
by Jeremy Canfield | Updated: June 25 2021
The SELinux context has 4 parts: SELinux user : role : type : level. Following is the context of index.php.
Modifying the state of SELinux can only be done by root or by users or groups that have been granted sudo access, so you'll want to either run this playbook as root, use the remote_user: root directive, or use become.
Before using the serole parameter, you will probably want to use the selinux module to ensure that SELinux is set to enforcing.
---
- hosts: all
  remote_user: root
  tasks:
    # policy must be a policy name installed on the managed node; the default is "targeted"
    - name: set SELinux to enforcing
      selinux:
        policy: targeted
        state: enforcing
...
Let's say you are using the copy module to copy a file to a managed node (e.g. target system) and you want to set the SELinux role. The serole parameter can be used to define the SELinux role. In this example, the SELinux role is set to be object_r.
---
- hosts: all
  remote_user: root
  tasks:
    - name: copy foo.txt
      copy:
        src: /tmp/foo.txt
        dest: /tmp/foo.txt
        serole: object_r
...
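To confirm that the role was actually applied, the play can read the context back and check its second field. This is an added example, not part of the original article. It assumes GNU stat is available on the managed node, and the registered variable names foo_context and foo_ctx are made up for illustration.

```yaml
---
- hosts: all
  remote_user: root
  tasks:
    - name: copy foo.txt and set the SELinux role
      copy:
        src: /tmp/foo.txt
        dest: /tmp/foo.txt
        serole: object_r

    # stat -c %C prints the full context on one line,
    # for example: unconfined_u:object_r:user_tmp_t:s0 (constructed sample)
    - name: read back the SELinux context of the copied file
      command: stat -c %C /tmp/foo.txt
      register: foo_context
      changed_when: false

    # The level field can itself contain colons (e.g. s0:c0.c1023),
    # so split at most 3 times to keep user, role, type and level intact.
    - name: split the context into user, role, type and level
      set_fact:
        foo_ctx: "{{ foo_context.stdout.split(':', 3) }}"

    # Fails the play if the context is malformed (for example when
    # SELinux is disabled) or if the role is not the one requested.
    - name: verify the role on the copied file
      assert:
        that:
          - foo_ctx | length == 4
          - foo_ctx[1] == 'object_r'
        fail_msg: "unexpected SELinux context: {{ foo_context.stdout }}"
        success_msg: "role is {{ foo_ctx[1] }}, type is {{ foo_ctx[2] }}"
...
```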