Give the option of managing some SELinux properties in the bootstrap tasks.

library/centos/roles/basic-setup/defaults/main.yml

@@ -72,6 +72,11 @@ centos_hw_packages:
   - system-storage-manager
 
 centos_selinux_daemons_dump_core: False
+selinux_policy_type: targeted
+selinux_policy_state: enforcing
+#selinux_booleans:
+#  - { name: '', state: '', persistent: no }
+#  - { name: '', state: '' }
 
 manage_root_ssh_keys: True
 

library/centos/roles/basic-setup/tasks/main.yml

@@ -112,7 +112,17 @@
 
 - name: Configure selinux to permit core dumps by daemons
   seboolean: name=daemons_dump_core state=yes persistent=yes
-  when: centos_selinux_daemons_dump_core
+  when: centos_selinux_daemons_dump_core | bool
+  tags: [ 'centos', 'bootstrap', 'selinux' ]
+
+- name: Set other SELinux booleans. Optional
+  seboolean: name={{ item.name }} state={{ item.state }} persistent={{ item.persistent | default('yes') }}
+  with_items: '{{ selinux_booleans }}'
+  when: selinux_booleans is defined
+  tags: [ 'centos', 'bootstrap', 'selinux' ]
+
+- name: Set the SELinux global policy. Defaults to Enforcing
+  selinux: policy={{ selinux_policy_type }} state={{ selinux_policy_state }}
   tags: [ 'centos', 'bootstrap', 'selinux' ]
 
 - name: various pub ssh keys for users and apps