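Overview
Manages SELinux file context mapping definitions. Similar to the `semanage fcontext` command.
Query and modify the default security context of directories.
Common module parameters
target
: Target path (expression). (Aliases: path)
Specifies the target directory.
setype
: SELinux type for the specified target.
Sets the security context.
state
: Whether the SELinux file context must be `absent` or `present`. (Choices: absent, present) [Default: present]
Module state: present adds the security context for the directory; absent removes the security context for the directory.
Examples
Example 1: Set the httpd_config_t security context policy on /srv/git_repos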
- name: Allow apache to modify files in /srv/git_repos
  sefcontext:
    target: '/srv/git_repos(/.*)?'
    setype: httpd_config_t
    state: present
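The sefcontext task only records the mapping in the SELinux policy; files already on disk keep their old label until they are relabeled. The playbook below is an added example, not part of the original page: it records the mapping, relabels with restorecon, and checks the label on disk. It assumes the host node1 used in the page's ad-hoc command, that SELinux is enabled there, and that the SELinux Python bindings the module needs are installed.

```yaml
# Added example (not from the original page).
# Assumptions: host "node1", SELinux enabled, semanage bindings installed.
- name: Map /srv/git_repos to httpd_config_t and apply the label
  hosts: node1
  become: true
  tasks:
    - name: Ensure the directory exists
      file:
        path: /srv/git_repos
        state: directory
        mode: "0755"

    - name: Record the file context mapping (policy only, no relabel)
      sefcontext:
        target: '/srv/git_repos(/.*)?'
        setype: httpd_config_t
        state: present

    - name: Relabel existing files so they match the mapping
      command: restorecon -Rv /srv/git_repos
      register: relabel
      # restorecon -v prints one line per relabeled path
      changed_when: relabel.stdout | length > 0

    - name: Read the label that is now on disk
      command: stat -c %C /srv/git_repos
      register: label
      changed_when: false

    - name: Fail if the directory does not carry the expected type
      assert:
        that:
          - "'httpd_config_t' in label.stdout"
        fail_msg: "Unexpected label: {{ label.stdout }}"
```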
Create a new folder and directory; "secontext" is "unconfined_u:object_r:var_t:s0"
[root@control ~]# ansible node1 -m file -a 'name=/srv/git_repos/node1 state=directory'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": <