SELinux

1. META:
2.  
3. - { role: configureSELinux, selinux_policy: "permissive", selinux_type: "targeted"}
4.  
5. TASK:
6.  
7. ---
8.  
9. - name: Configure SELinux Policy and Type
10. template: src=selinux.j2 dest={{ selinux_path }}
11.  
12. TEMPLATES:
13.  
14. # This file controls the state of SELinux on the system.
15. # SELINUX= can take one of these three values:
16. # enforcing - SELinux security policy is enforced.
17. # permissive - SELinux prints warnings instead of enforcing.
18. # disabled - SELinux is fully disabled.
19. {% if selinux_policy is defined and selinux_policy in selinux_policy_list -%}
20. SELINUX= {{ selinux_policy }}
21. {% else %}
22. {%- endif %}
23. # SELINUXTYPE= type of policy in use. Possible values are:
24. # targeted - Only targeted network daemons are protected.
25. # strict - Full SELinux protection.
26. {% if selinux_type is defined and selinux_type in selinux_type_list -%}
27. SELINUXTYPE={{ selinux_type }}
28. {%- endif %}
29.  
30. DEFAULTS:
31.  
32. ---
33. # defaults file for configureSELinux
34. #
35. selinux_path: /etc/sysconfig/selinux.test
36.  
37. selinux_policy: "from defaulti"
38. selinux_type: " "
39.  
40. selinux_policy_list:
41. - enforcing
42. - permissive
43. - disabled
44.  
45. selinux_type_list:
46. - targeted
47. - strict