Enable SELinux, by default to enforce the targeted policy

2020-12-05 23:53:18 -06:00 · 2020-12-05 23:53:18 -06:00 · 5137d9839e
commit 5137d9839e
parent b5514e9415
2 changed files with 15 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,5 @@
 ---
-# defaults file for ensure_selinux
+# defaults file for ensure_selinux
+selinux_policy: 'targeted'
+selinux_state: 'enforcing'
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,2 +1,12 @@
 ---
-# tasks file for ensure_selinux
+# tasks file for ensure_selinux
+- name: 'Ensure SELinux is enforcing'
+  ansible.posix.selinux:
+    policy: '{{ selinux_policy }}'
+    state: '{{ selinux_state }}'
+  register: 'results'
+- name: 'Reboot if required'
+  when:
+    - results.reboot_required
+  reboot:
+