If SELinux is available for the running system, the mode can be managed and booleans can be set.
enforcing:
selinux.mode
samba_create_home_dirs:
selinux.boolean:
- value: True
- persist: True
nginx:
selinux.module:
- enabled: False
Note
Use of these states require that the selinux
execution module is available.
salt.states.selinux.
boolean
(name, value, persist=False)¶Set up an SELinux boolean
salt.states.selinux.
fcontext_policy_absent
(name, filetype='a', sel_type=None, sel_user=None, sel_level=None)¶New in version 2017.7.0.
Makes sure an SELinux file context policy for a given filespec (name), filetype and SELinux context type is absent.
salt.states.selinux.
fcontext_policy_applied
(name, recursive=False)¶New in version 2017.7.0.
Checks and makes sure the SELinux policies for a given filespec are applied.
salt.states.selinux.
fcontext_policy_present
(name, sel_type, filetype='a', sel_user=None, sel_level=None)¶New in version 2017.7.0.
Makes sure a SELinux policy for a given filespec (name), filetype and SELinux context type is present.
salt.states.selinux.
mode
(name)¶Verifies the mode SELinux is running in, can be set to enforcing, permissive, or disabled
Note
A change to or from disabled mode requires a system reboot. You will need to perform this yourself.
salt.states.selinux.
module
(name, module_state='Enabled', version='any', **opts)¶Enable/Disable and optionally force a specific version for an SELinux module
New in version 2016.3.0.
salt.states.selinux.
module_install
(name)¶Installs custom SELinux module from given file
New in version 2016.11.6.
salt.states.selinux.
module_remove
(name)¶Removes SELinux module
New in version 2016.11.6.