selogin – Manages linux user to SELinux user mapping
New in version 2.8.
Synopsis
- Manages linux user to SELinux user mapping
Requirements
The below requirements are needed on the host that executes this module.
- libselinux
- policycoreutils
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
ignore_selinux_state
boolean
|
|
Run independent of selinux runtime state
|
login
- /
required
|
a Linux user
|
|
reload
-
|
Default:
"yes"
|
Reload SELinux policy after commit.
|
selevel
-
|
Default:
"s0"
|
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.
aliases: serange |
seuser
- /
required
|
SELinux user name
|
|
state
- /
required
|
|
Desired mapping value.
|
Notes
Note
- The changes are persistent across reboots
- Not tested on any debian based system
Examples
# Modify the default user on the system to the guest_u user - selogin: login: __default__ seuser: guest_u state: present # Assign gijoe user on an MLS machine a range and to the staff_u user - selogin: login: gijoe seuser: staff_u serange: SystemLow-Secret state: present # Assign all users in the engineering group to the staff_u user - selogin: login: '%engineering' seuser: staff_u state: present
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Dan Keder (@dankeder)
- Petr Lautrbach (@bachradsusi)
- James Cassell (@jamescassell)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/selogin_module.html