W3cubDocs

/Ansible 2.10

community.general.selogin – Manages linux user to SELinux user mapping

Note

This plugin is part of the community.general collection.

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.selogin.

Synopsis

  • Manages linux user to SELinux user mapping

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux
  • policycoreutils

Parameters

Parameter Choices/Defaults Comments
ignore_selinux_state
boolean
    Choices:
  • no
  • yes
Run independent of selinux runtime state
login
string / required
a Linux user
reload
string
Default:
"yes"
Reload SELinux policy after commit.
selevel
string
Default:
"s0"
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.

aliases: serange
seuser
string / required
SELinux user name
state
string / required
    Choices:
  • present
  • absent
Desired mapping value.

Notes

Note

  • The changes are persistent across reboots
  • Not tested on any debian based system

Examples

- name: Modify the default user on the system to the guest_u user
  community.general.selogin:
    login: __default__
    seuser: guest_u
    state: present

- name: Assign gijoe user on an MLS machine a range and to the staff_u user
  community.general.selogin:
    login: gijoe
    seuser: staff_u
    serange: SystemLow-Secret
    state: present

- name: Assign all users in the engineering group to the staff_u user
  community.general.selogin:
    login: '%engineering'
    seuser: staff_u
    state: present

Authors

  • Dan Keder (@dankeder)
  • Petr Lautrbach (@bachradsusi)
  • James Cassell (@jamescassell)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/selogin_module.html