If SELinux is available for the running system, the mode can be managed and booleans can be set.
enforcing:
selinux.mode
samba_create_home_dirs:
selinux.boolean:
- value: True
- persist: True
nginx:
selinux.module:
- enabled: False
Note
Use of these states require that the selinux
execution module is available.
salt.states.selinux.
boolean
(name, value, persist=False)¶Set up an SELinux boolean
salt.states.selinux.
mode
(name)¶Verifies the mode SELinux is running in, can be set to enforcing, permissive, or disabled
- Note: A change to or from disabled mode requires a system reboot.
- You will need to perform this yourself.
salt.states.selinux.
module
(name, module_state='Enabled', version='any', **opts)¶Enable/Disable and optionally force a specific version for an SELinux module
New in version 2016.3.0.
salt.states.selinux.
module_install
(name)¶Installs custom SELinux module from given file
New in version 2016.11.6.
salt.states.selinux.
module_remove
(name)¶Removes SELinux module
New in version 2016.11.6.