Enable SELinux, by default to enforce the targeted policy

2020-12-05 23:53:18 -06:00
parent b5514e9415
commit 5137d9839e
2 changed files with 15 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
 # defaults file for ensure_selinux
+selinux_policy: 'targeted'
+selinux_state: 'enforcing'
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,12 @@
 ---
 # tasks file for ensure_selinux
+- name: 'Ensure SELinux is enforcing'
+  ansible.posix.selinux:
+    policy: '{{ selinux_policy }}'
+    state: '{{ selinux_state }}'
+  register: 'results'
+- name: 'Reboot if required'
+  when:
+    - results.reboot_required
+  reboot:
+