AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible SELinux: Manage Modes, Booleans & Contexts (Complete Guide) — Video Tutorial

How to automate the enabling or disabling of SELinux Permissive policy per single process or domain keeping the whole system under enforcing policy and make it.

Watch on YouTube · Read the written article

Tutorial summary

What you'll learn

  • SELinux Permissive Domain
  • What is SELinux?
  • What is SELinux Permissive Domain?
  • Ansible Enable or Disable Permissive Domain in SELinux policy
  • Parameters
  • Links
  • code
  • execution
  • idempotency
  • before execution
SELinux Permissive Domain What is SELinux? Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). What is SELinux Permissive Domain? SELinux Permissive Domains allow an administrator to configure a single process (domain) to run permissive, rather than making the whole system permissive. Ansible Enable or Disable Permissive Domain in SELinux policy - `community.general.selinux_permissive` - Change permissive domain in SELinux policy Today we're talking about Ansible module `selinux_permissive`. The full name is `community.general.selinux_permissive`, which means that is part of the collection of modules to community-supported for Ansible. It supports a huge variety of Linux distributions and it changes the permissive domain in SELinux policy. It requires the `policycoreutils-python` package installed on the target system for `semanage` utility. Parameters - **domain** (name) string - the name of the domain - **permissive** boolean - no/yes - no_reload boolean - **no**/yes Let's see the parameter of the selinux_permissive Ansible module. The only mandatory parameters are "domain" and "permissive". The parameter "domain" or alias "name" specifies the name of the SELinux domain that we would add to the list of permissive domains. The parameter "permissive" allows you to enable or disable the SELinux permissive domain immediately in the running system. The parameter "no_reload" disables the policy reloading after a change of the setting. Default is "no", which causes the reloading of the policy. Links - https://docs.ansible.com/ansible/latest/collections/community/general/selinux_permissive_module.html - https://selinuxproject.org/page/PermissiveDomainRecipe - https://www.redhat.com/sysadmin/semanage-keep-selinux-enforcing ## Playbook Enable or Disable Permissive Domain in SELinux policy on Linux with Ansible Playbook. code ```yaml --- - name: selinux_permissive module Playbook hosts: all become: true tasks: - name: semanage present ansible.builtin.package: name: "policycoreutils-python-utils" state: present - name: Change the httpd_t domain to permissive community.general.selinux_permissive: name: httpd_t permissive: true ``` execution ```bash $ ansible-playbook -i virtualmachines/demo/inventory selinux/selinux_permissivedomain.yml PLAY [selinux_permissive module Playbook] ************************************************************* TASK [Gathering Facts] **************************************************************************** ok: [demo.example.com] TASK [semanage present] *************************************************************************** changed: [demo.example.com] TASK [Change the httpd_t domain to permissive] **************************************************** changed: [demo.example.com] PLAY RECAP ****************************

About this tutorial

  • Author: Luca Berton
  • Difficulty: Beginner
  • Read time: 4 min
  • Category: installation

Topics covered

Related video tutorials