community.general.selinux_permissive module – Change permissive domain in SELinux policy

Note

This module is part of the community.general collection (version 6.6.9).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.selinux_permissive.

Synopsis

  • Add and remove a domain from the list of permissive domains.

Requirements

The below requirements are needed on the host that executes this module.

  • policycoreutils-python

Parameters

Parameter

Comments

domain

aliases: name

string / required

The domain that will be added or removed from the list of permissive domains.

no_reload

boolean

Disable reloading of the SELinux policy after making change to a domain’s permissive setting.

The default is false, which causes policy to be reloaded when a domain changes state.

Reloading the policy does not work on older versions of the policycoreutils-python library, for example in EL 6.”

Choices:

  • false ← (default)

  • true

permissive

boolean / required

Indicate if the domain should or should not be set as permissive.

Choices:

  • false

  • true

store

string

Name of the SELinux policy store to use.

Default: ""

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • Requires a recent version of SELinux and policycoreutils-python (EL 6 or newer).

Examples

- name: Change the httpd_t domain to permissive
  community.general.selinux_permissive:
    name: httpd_t
    permissive: true

Authors

  • Michael Scherer (@mscherer)