Documentation

selinux_permissive - Change permissive domain in SELinux policy

New in version 2.0.

Synopsis

  • Add and remove domain from the list of permissive domain.

Requirements

The below requirements are needed on the host that executes this module.

  • policycoreutils-python

Parameters

Parameter
Choices/Defaults
Comments
domain
required
the domain that will be added or removed from the list of permissive domains
no_reload
    Choices:
  • no ←
  • yes
automatically reload the policy after a change
default is set to 'false' as that's what most people would want after changing one domain
Note that this doesn't work on older version of the library (example EL 6), the module will silently ignore it in this case
permissive
required
    Choices:
  • no
  • yes
indicate if the domain should or should not be set as permissive
store
name of the SELinux policy store to use

Notes

Note

  • Requires a version of SELinux recent enough ( ie EL 6 or newer )

Examples

- selinux_permissive:
    name: httpd_t
    permissive: true

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

Hint

If you notice any issues in this documentation you can edit this document to improve it.