The SELinux (Security Enhanced Linux) cookbook provides recipes for manipulating SELinux policy enforcement state.
SELinux can have one of three settings:
Enforcing
- Watches all system access checks, stops all 'Denied access'
- Default mode on RHEL systems
Permissive
- Allows access but reports violations
Disabled
- Disables SELinux from the system but is only read at boot time. If you set this flag, you must reboot.
Disable SELinux only if you plan to not use it. Use Permissive
mode if you just need to debug your system.
- Chef 15.3 or higher
- RHEL 7+
- CentOS 7+
- Fedora
- Ubuntu
- Debian
The following resources are provided:
- selinux_boolean
- selinux_fcontext
- selinux_install
- selinux_module
- selinux_permissive
- selinux_port
- selinux_state
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.
This project exists thanks to all the people who contribute.
Thank you to all our backers!
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.