robertdebock.selinux
Ansible Role for SELinux
This role installs and configures SELinux along with the necessary libraries on your system.
| GitHub | GitLab | Downloads | Version |
|---|---|---|---|
 |
 |
 |
 |
Example Playbook
Here is a simple example taken from molecule/default/converge.yml. This example is tested each time there is a push, pull request, or release.
---
- name: Converge
hosts: all
become: true
gather_facts: true
roles:
- role: robertdebock.selinux
selinux_reboot: false
selinux_booleans:
- name: http_can_network_connect
- name: abrt_anon_write
state: false
persistent: false
Before running the playbook, the machine needs to be prepared. In CI, this is done using molecule/default/prepare.yml:
---
- name: Prepare
hosts: all
become: true
gather_facts: false
roles:
- role: robertdebock.bootstrap
For more details, see a full explanation and example on how to use these roles.
Role Variables
Default values for the variables can be found in defaults/main.yml:
---
# defaults file for selinux
# State can be disabled, permissive, or enforcing.
selinux_state: enforcing
# The policy varies by distribution.
selinux_policy: "{{ _selinux_policy[ansible_os_family] | default(_selinux_policy['default']) }}"
# Should the machine reboot after changes?
selinux_reboot: true
# Enable or disable booleans by putting them in this list.
# selinux_booleans:
# - name: http_can_network_connect
# - name: abrt_anon_write
# state: false
# persistent: false
Requirements
- Python packages listed in requirements.txt.
State of Used Roles
The roles mentioned below are used to prepare a system. You can prepare your system differently if needed.
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
Context
This role is part of many compatible roles. You can check the documentation of these roles for more information.
Here’s a visual overview of related roles:
Compatibility
This role has been tested on these container images:
| Container | Tags |
|---|---|
| Alpine | all |
| Amazon | Candidate |
| EL | 9 |
| Debian | all |
| Fedora | all |
| Ubuntu | all |
You need at least Ansible version 2.12. Tests have been conducted on:
- The previous version.
- The current version.
- The development version.
If you encounter issues, please report them on GitHub.
License
This role is licensed under Apache-2.0.
Author Information
This role is created by robertdebock.
If you like what you see, consider sponsoring me.
Install and configure selinux and its required libraries on your system.
ansible-galaxy install robertdebock.selinux