Ansible Role: sys_selinux

An Ansible Role to install and configure SELinux.

Motivation

SELinux is used on many enterprise operating systems and is therefore mandatory for many use cases.

Description

This role installs and configures SELinux.

  • install SELinux
  • configure policy
  • configure mode

Requirements

Used Modules:

Installation

Install from Ansible Galaxy

ansible-galaxy install while_true_do.sys_selinux

Install from Github

git clone https://github.com/while-true-do/ansible-role-sys_selinux.git while_true_do.sys_selinux

Usage

Role Variables

---
# defaults file for while_true_do.sys_selinux

## Package Management
wtd_sys_selinux_package:
  - policycoreutils
  - policycoreutils-python
  - selinux-policy
  - selinux-policy-targeted
  - libselinux-python
  - libselinux-utils
  - setroubleshoot-server
  - setools
  - setools-console
  - mcstrans
# State can be present|latest|absent
wtd_sys_selinux_package_state: "present"

## Configuration Management
# wtd_sys_selinux_conf_mode can be:
# enforcing   =>  SELinux security policy is enforced
# permissive  =>  SELinux prints warnings instead of enforcing
# disabled    =>  No SELinux policy is loaded
wtd_sys_selinux_conf_mode: "enforcing"

# wtd_sys_selinux_conf_policy can be:
# targeted  =>  Targeted processes are protected
# minimum   =>  Modification of targeted policy. Only selected processes are protected
# mls       =>  Multi Level Security protection
wtd_sys_selinux_conf_policy: "targeted"

Example Playbook

Running Ansible Roles can be done in a playbook.

Simple

---
- hosts: all
  roles:
    - role: while_true_do.sys_selinux
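
A way to check the result after the playbook has run, as an added example that is not part of this role: the Python below parses the text of /etc/selinux/config and compares SELINUX and SELINUXTYPE with the values of wtd_sys_selinux_conf_mode and wtd_sys_selinux_conf_policy. That the role persists its settings in /etc/selinux/config is an assumption, the function names are hypothetical, and the sample file contents are constructed.

```python
# Added example: audit /etc/selinux/config text against the role's variables.
# Assumption: the role persists its settings in /etc/selinux/config.

ALLOWED_MODES = {"enforcing", "permissive", "disabled"}
ALLOWED_POLICIES = {"targeted", "minimum", "mls"}


def parse_selinux_config(text):
    """Return the KEY=value pairs of the file, ignoring comments and blanks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text, expected_mode="enforcing", expected_policy="targeted"):
    """Compare the file with wtd_sys_selinux_conf_mode / wtd_sys_selinux_conf_policy.

    Returns a list of findings; an empty list means the file matches.
    """
    if expected_mode not in ALLOWED_MODES:
        raise ValueError(f"unknown mode: {expected_mode}")
    if expected_policy not in ALLOWED_POLICIES:
        raise ValueError(f"unknown policy: {expected_policy}")
    settings = parse_selinux_config(text)
    findings = []
    for key, expected in (("SELINUX", expected_mode), ("SELINUXTYPE", expected_policy)):
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key} is not set")
        elif actual != expected:
            findings.append(f"{key}={actual}, expected {expected}")
    return findings


# Constructed sample inputs, not taken from a real host.
SAMPLE_OK = """# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
"""
SAMPLE_DRIFT = """SELINUX=permissive   # left over from debugging
# SELINUXTYPE=targeted
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit(sample) or "matches role variables")
```

The file holds the settings applied at boot; the mode of the running system is what getenforce reports.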

Known Issues

  1. Red Hat testing is currently not possible in public, due to limitations in subscriptions.
  2. Some services and features cannot be tested properly, due to limitations in Docker.

Testing

Most of the "generic" tests are located in the Test Library.

Ansible specific testing is done with Molecule.

Infrastructure testing is done with testinfra.

Automated testing is done with Travis CI.

Contribute

Thank you so much for considering contributing. We are very happy when somebody joins the hard work. Please feel free to open Bugs, Feature Requests or Pull Requests after reading the Contribution Guideline.

See who has contributed already in the kudos.txt.

License

This work is licensed under a BSD-3-Clause License.

Contact