New in version 2.2.
semanage fcontext
command.The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
ftype
string
|
|
The file type that should have SELinux contexts applied.
The following file type options are available:
a for all files,b for block devices,c for character devices,d for directories,f for regular files,l for symbolic links,p for named pipes,s for socket files. |
ignore_selinux_state
boolean
added in 2.8 |
|
Useful for scenarios (chrooted environment) that you can't get the real SELinux state.
|
reload
boolean
|
|
Reload SELinux policy after commit.
Note that this does not apply SELinux file contexts to existing files.
|
selevel
string
|
SELinux range for the specified target.
aliases: serange |
|
setype
string
/ required
|
SELinux type for the specified target.
|
|
seuser
string
|
SELinux user for the specified target.
|
|
state
string
|
|
Whether the SELinux file context must be
absent or present . |
target
string
/ required
|
Target path (expression).
aliases: path |
Note
restorecon
manually for the existing files that require the new SELinux file contexts.- name: Allow apache to modify files in /srv/git_repos
sefcontext:
target: '/srv/git_repos(/.*)?'
setype: httpd_git_rw_content_t
state: present
- name: Apply new SELinux file context to filesystem
command: restorecon -irv /srv/git_repos
Hint
If you notice any issues in this documentation you can edit this document to improve it.