44 lines
981 B
ReStructuredText
44 lines
981 B
ReStructuredText
``selinux``
|
|
===========
|
|
|
|
This module configures :doc:`/selinux`. It allows configuring the SELinux mode
|
|
as well as setting SELinux booleans.
|
|
|
|
|
|
Parameters
|
|
----------
|
|
|
|
``selinux_mode``
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
Acceptable values are ``enforcing``, ``permissive``, and ``disabled``. The
|
|
module configures this mode for the next reboot. It also sets it right away
|
|
unless the mode to be configured is ``disabled`` or SELinux is currently
|
|
disabled. In the former case the current mode is set to ``permissive``. In the
|
|
latter case nothing is done before the next reboot.
|
|
|
|
|
|
Defined Types
|
|
-------------
|
|
|
|
``set_sebool``
|
|
~~~~~~~~~~~~~~
|
|
|
|
Sets the SELinux boolean specified as the resource title unless SELinux is
|
|
disabled, in which case it does nothing.
|
|
|
|
Parameters:
|
|
|
|
- ``enable``
|
|
|
|
If true, the boolean is set to ``on``. If false, the boolean is set to
|
|
``off``.
|
|
|
|
|
|
Examples
|
|
--------
|
|
|
|
Allow httpd to access user's home directories::
|
|
|
|
selinux::set_sebool {'httpd_enable_homedirs': enable => true }
|