forked from ISTI-ansible-roles/ansible-roles
Give the option of managing some SELinux properties in the bootstrap tasks.
This commit is contained in:
parent
27a82ad239
commit
1bcd77e306
|
@ -72,6 +72,11 @@ centos_hw_packages:
|
|||
- system-storage-manager
|
||||
|
||||
centos_selinux_daemons_dump_core: False
|
||||
selinux_policy_type: targeted
|
||||
selinux_policy_state: enforcing
|
||||
#selinux_booleans:
|
||||
# - { name: '', state: '', persistent: no }
|
||||
# - { name: '', state: '' }
|
||||
|
||||
manage_root_ssh_keys: True
|
||||
|
||||
|
|
|
@ -112,7 +112,17 @@
|
|||
|
||||
- name: Configure selinux to permit core dumps by daemons
|
||||
seboolean: name=daemons_dump_core state=yes persistent=yes
|
||||
when: centos_selinux_daemons_dump_core
|
||||
when: centos_selinux_daemons_dump_core | bool
|
||||
tags: [ 'centos', 'bootstrap', 'selinux' ]
|
||||
|
||||
- name: Set other SELinux booleans. Optional
|
||||
seboolean: name={{ item.name }} state={{ item.state }} persistent={{ item.persistent | default('yes') }}
|
||||
with_items: '{{ selinux_booleans }}'
|
||||
when: selinux_booleans is defined
|
||||
tags: [ 'centos', 'bootstrap', 'selinux' ]
|
||||
|
||||
- name: Set the SELinux global policy. Defaults to Enforcing
|
||||
selinux: policy={{ selinux_policy_type }} state={{ selinux_policy_state }}
|
||||
tags: [ 'centos', 'bootstrap', 'selinux' ]
|
||||
|
||||
- name: various pub ssh keys for users and apps
|
||||
|
|
Loading…
Reference in New Issue