ansible 之 selinux
selinux
用途:配置 SELinux 模式和策略
官方文档
> SELINUX (/usr/lib/python2.7/site-packages/ansible-2.8.0.dev0-py2.7.egg/ansible/modules/system/selinux.py)
Configures the SELinux mode and policy. A reboot may be required after usage.
Ansible will not issue this reboot but will let you know when it is required.
* This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):
- conf
path to the SELinux configuration file, if non-standard
(Aliases: configfile, file)[Default: /etc/selinux/config]
- policy
name of the SELinux policy to use (example: `targeted') will be required if
state is not `disabled'
[Default: (null)]
= state
The SELinux mode
(Choices: enforcing, permissive, disabled)
NOTES:
* Not tested on any debian based system
REQUIREMENTS: libselinux-python
AUTHOR: Derek Carter (@goozbach) <goozbach@friocorte.com>
METADATA:
status:
- stableinterface
supported_by: core
EXAMPLES:
# Enable SELinux
- selinux:
policy: targeted
state: enforcing
# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
policy: targeted
state: permissive
# Disable SELinux
- selinux:
state: disabled
RETURN VALUES:
msg:
description: Messages that describe changes that were made
returned: always
type: string
sample: Config SELinux state changed from 'disabled' to 'permissive'
configfile:
description: Path to SELinux configuration file
returned: always
type: string
sample: /etc/selinux/config
policy:
description: Name of the SELinux policy
returned: always
type: string
sample: targeted
state:
description: SELinux mode
returned: always
type: string
sample: enforcing
reboot_required:
description: Whether or not an reboot is required for the changes to take effect
returned: always
type: bool
sample: true
参数解释
-
conf
默认值:/etc/selinux/config
别名:configfile、file
SELinux 配置文件的路径, -
policy
默认值:null
设置 SELinux 的策略,此时state不能为disabled
= state
选项:enforcing, permissive, disabled
SELinux 的模式
