The selinux_state resource is used to manage the SELinux state on the system. It does this by using the setenforce command and rendering the /etc/selinux/config file from a template.
Introduced: v4.0.0
| Action | Description |
|---|---|
:enforcing |
(Default) Set the SELinux state to enforcing |
:permissive |
Set the state to permissive |
:disabled |
Set the state to disabled |
⚠ Switching to or from
disabledrequires a reboot!
| Name | Type | Default | Description |
|---|---|---|---|
config_file |
String | /etc/selinux/config |
Path to SELinux config file on disk |
persistent |
true, false | true |
Persist status update to the selinux configuration file |
policy |
String | targeted |
SELinux policy type |
automatic_reboot |
true, false, Symbol | false |
Whether to automatically reboot the node if needed to change state |
selinux_state 'enforcing' do
action :enforcing
endselinux_state 'permissive' do
action :permissive
endselinux_state 'disabled' do
action :disabled
endSimply set SELinux to enforcing or permissive:
selinux_state "SELinux Enforcing" do
action :enforcing
end
selinux_state "SELinux Permissive" do
action :permissive
endThe action here is based on the value of the node['selinux']['state'] attribute, which we convert to lower-case and make a symbol to pass to the action.
selinux_state "SELinux #{node['selinux']['state'].capitalize}" do
action node['selinux']['state'].downcase.to_sym
endThe action here is based on the value of the node['selinux']['status'] attribute, which we convert to lower-case and make a symbol to pass to the action.
selinux_state "SELinux #{node['selinux']['status'].capitalize}" do
action node['selinux']['status'].downcase.to_sym
end