From 5137d9839ef56db565b7a6fe99da712056d678bb Mon Sep 17 00:00:00 2001
From: Jason Rothstein
Date: Sat, 5 Dec 2020 23:53:18 -0600
Subject: [PATCH] Enable SELinux, by default to enforce the targeted policy
---
 defaults/main.yml | 5 ++++-
 tasks/main.yml | 12 +++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 0b66a03..36ad9c9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
-# defaults file for ensure_selinux
\ No newline at end of file
+# defaults file for ensure_selinux
+selinux_policy: 'targeted'
+selinux_state: 'enforcing'
+
diff --git a/tasks/main.yml b/tasks/main.yml
index 45905b8..45ba7d7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,12 @@
 ---
-# tasks file for ensure_selinux
\ No newline at end of file
+# tasks file for ensure_selinux
+- name: 'Ensure SELinux is enforcing'
+ ansible.posix.selinux:
+ policy: '{{ selinux_policy }}'
+ state: '{{ selinux_state }}'
+ register: 'results'
+- name: 'Reboot if required'
+ when:
+ - results.reboot_required
+ reboot:
+
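Review bot: The two new defaults in defaults/main.yml have no comment naming the accepted values, although `selinux_state` is the security-relevant setting for the whole role. I would add `# selinux_state: 'enforcing' (default), 'permissive' or 'disabled'; anything other than 'enforcing' weakens the host` above it, and `# selinux_policy: name of the SELinux policy to load, e.g. 'targeted'` above `selinux_policy`. The blank line added at the end of the file can be dropped.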
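Review bot: The 'Reboot if required' task at the end of the tasks/main.yml hunk restarts the host straight into whatever `selinux_state` holds. On a machine where SELinux was previously disabled, the first boot in `enforcing` may then run on a filesystem that is not yet labelled, and nothing visible in the hunk arranges a relabel or a permissive pass first. Consider documenting that such hosts should be converged once with `selinux_state: 'permissive'` and checked for denials before the default is applied. The first task is named 'Ensure SELinux is enforcing' although the state is a variable, so an override to `disabled` would be logged under a misleading name; `- name: 'Set SELinux state to {{ selinux_state }}'` would keep the run log accurate. For consistency with `ansible.posix.selinux`, the second task could use the fully qualified `ansible.builtin.reboot:`.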