selinux_state

The selinux_state resource is used to manage the SELinux state on the system. It does this by using the setenforce command and rendering the /etc/selinux/config file from a template.

Introduced: v4.0.0

Actions

| Action | Description |
|---|---|
| :enforcing | (Default) Set the SELinux state to enforcing |
| :permissive | Set the state to permissive |
| :disabled | Set the state to disabled |

⚠ Switching to or from disabled requires a reboot!

Properties

| Name | Type | Default | Description |
|---|---|---|---|
| config_file | String | /etc/selinux/config | Path to SELinux config file on disk |
| persistent | true, false | true | Persist status update to the selinux configuration file |
| policy | String | targeted | SELinux policy type |
| automatic_reboot | true, false, Symbol | false | Whether to automatically reboot the node if needed to change state |

Examples

selinux_state 'enforcing' do
  action :enforcing
end
selinux_state 'permissive' do
  action :permissive
end
selinux_state 'disabled' do
  action :disabled
end

Usage

Managing SELinux State (selinux_state)

Simply set SELinux to enforcing or permissive:

selinux_state "SELinux Enforcing" do
  action :enforcing
end
 
selinux_state "SELinux Permissive" do
  action :permissive
end

The action here is based on the value of the node['selinux']['state'] attribute, which we convert to lower-case and make a symbol to pass to the action.

selinux_state "SELinux #{node['selinux']['state'].capitalize}" do
  action node['selinux']['state'].downcase.to_sym
end

The action here is based on the value of the node['selinux']['status'] attribute, which we convert to lower-case and make a symbol to pass to the action.

selinux_state "SELinux #{node['selinux']['status'].capitalize}" do
  action node['selinux']['status'].downcase.to_sym
end
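
When the action comes from a node attribute, as in the two snippets above, it helps to validate the value before it reaches the resource and to know in advance whether the change needs a reboot. The following is an added example, not code from the cookbook: the helper names are hypothetical, the runtime state is assumed to be the output of `getenforce`, and the config text is constructed.

```ruby
# Added example: plain Ruby, runs without Chef. Helper names are hypothetical.
VALID_ACTIONS = %i[enforcing permissive disabled].freeze

# Map an attribute value such as "Enforcing" to one of the resource's three
# actions, and fail the run on anything else instead of passing it through.
def selinux_action(value)
  action = value.to_s.strip.downcase.to_sym
  return action if VALID_ACTIONS.include?(action)

  raise ArgumentError, "unsupported SELinux state: #{value.inspect}"
end

# Read SELINUX= and SELINUXTYPE= from the text of the config file.
def parse_selinux_config(text)
  text.each_line.with_object({}) do |line, out|
    next if line =~ /\A\s*(#|\z)/ # skip comments and blank lines

    key, value = line.strip.split('=', 2)
    out[key] = value.strip if value && %w[SELINUX SELINUXTYPE].include?(key)
  end
end

# Switching to or from disabled requires a reboot.
def reboot_required?(current, desired)
  current != desired && [current, desired].include?(:disabled)
end

# Assumption: runtime_state is the output of `getenforce`.
def plan(attribute_value, runtime_state, config_text)
  desired = selinux_action(attribute_value)
  config = parse_selinux_config(config_text)
  {
    action: desired,
    reboot_required: reboot_required?(selinux_action(runtime_state), desired),
    config_matches: config['SELINUX'] == desired.to_s,
    policy: config['SELINUXTYPE']
  }
end

# Constructed sample input, not taken from a real node.
SAMPLE_CONFIG = <<~CONF
  # This file controls the state of SELinux on the system.
  SELINUX=permissive
  SELINUXTYPE=targeted
CONF

p plan('Enforcing', 'Permissive', SAMPLE_CONFIG)
```

A `config_matches` value of `false` means the config file still names a different state than the one requested, which is what remains on disk when `persistent` is `false`.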