sefcontext - Manages SELinux file context mapping definitions
- Manages SELinux file context mapping definitions.
- Similar to the
semanage fcontext
command.
The below requirements are needed on the host that executes this module.
- libselinux-python
- policycoreutils-python
Parameter |
Choices/Defaults |
Comments |
ftype
str |
Default:
a
|
File type.
The following file type options can be passed; a for all files, b for block devices, c for character devices, d for directories, f for regular files, l for symbolic links, p for named pipes, s for socket files.
|
reload
bool |
|
Reload SELinux policy after commit.
Note that this does not apply SELinux file contexts to existing files.
|
selevel
str |
|
SELinux range for the specified target.
aliases: serange
|
setype
required |
|
SELinux type for the specified target.
|
seuser
str |
|
SELinux user for the specified target.
|
state
str |
Choices:
- absent
present ←
|
Whether the SELinux file context must be absent or present .
|
target
str
required |
|
Target path (expression).
aliases: path
|
Note
- The changes are persistent across reboots.
- The sefcontext module does not modify existing files to the new SELinux context(s), so it is advisable to first create the SELinux file contexts before creating files, or run
restorecon
manually for the existing files that require the new SELinux file contexts.
- Not applying SELinux fcontexts to existing files is a deliberate decision as it would be unclear what reported changes would entail to, and there’s no guarantee that applying SELinux fcontext does not pick up other unrelated prior changes.
- name: Allow apache to modify files in /srv/git_repos
sefcontext:
target: '/srv/git_repos(/.*)?'
setype: httpd_git_rw_content_t
state: present
- name: Apply new SELinux file context to filesystem
command: restorecon -irv /srv/git_repos
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Hint
If you notice any issues in this documentation you can edit this document to improve it.