Notable Changes
Note that the changes are not backward compatible and it is necessary to update playbooks that use them.
- The following variables have been renamed according to common conventions and to improve consistency with the selinux module:
  - SELinux_type to selinux_policy
  - SELinux_mode to selinux_state
  - SELinux_booleans to selinux_booleans
  - SELinux_file_contexts to selinux_file_contexts
  - SELinux_restore_dirs to selinux_restore_dirs
  - SELinux_ports to selinux_ports
  - SELinux_logins to selinux_logins
- The selinux_change_running variable was removed without a functional change, as the role has always changed the running state and the variable was effectively ignored.
- Local modifications to file contexts, ports, logins, and booleans are no longer dropped by default. The modifications specified in selinux_booleans, selinux_file_contexts, selinux_ports and selinux_logins are applied on top of pre-existing modifications. To obtain the previous behavior, set the new variables selinux_booleans_purge, selinux_fcontexts_purge, selinux_ports_purge and selinux_logins_purge (or just selinux_all_purge) to True.
- Dictionaries that are passed to the selinux_file_contexts variable now provide the new state option, which is set to present by default. Setting it to absent drops individual modifications to file contexts.
- If the selinux_state or selinux_policy variables are not defined, the selinux role preserves previous values. Only if the SELinux policy is not defined on the system and SELinux is enabled by the role, selinux_policy defaults to targeted.
- Behavior in cases when a reboot is needed to apply the settings has been redefined. The selinux role now fails with an explanatory error message and sets the selinux_reboot_required custom fact to True. The role never reboots the managed host itself. The error needs to be handled in the playbook by using the block directive, and after rebooting the system, the role needs to be applied again. An example is shown in the provided selinux-playbook.yml playbook.
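
One way the reboot handling described above can look in a playbook, using the renamed variables. This is an added example, not the selinux-playbook.yml shipped with the role; the role name linux-system-roles.selinux, the host pattern, the reboot timeout and the sample file-context entry are assumptions.

```yaml
# Added example; role name, host pattern and sample values are assumptions.
- hosts: all
  become: true
  vars:
    selinux_state: enforcing
    selinux_policy: targeted
    # Restore the old behavior for ports only: drop local port modifications.
    selinux_ports_purge: true
    selinux_file_contexts:
      # Constructed sample entry: remove one local file-context modification.
      - target: '/srv/app(/.*)?'
        setype: httpd_sys_content_t
        state: absent
  tasks:
    - name: Apply the selinux role and catch the reboot-required failure
      block:
        - name: Apply the selinux role
          ansible.builtin.include_role:
            name: linux-system-roles.selinux
      rescue:
        # The fact is undefined if the role failed before setting it,
        # so default to false and re-raise every other kind of failure.
        - name: Fail on errors other than a required reboot
          ansible.builtin.fail:
            msg: "selinux role failed for a reason other than a required reboot"
          when: not (selinux_reboot_required | default(false))

        # The role never reboots the host itself; the playbook does it.
        - name: Reboot the managed host
          ansible.builtin.reboot:
            reboot_timeout: 300

        - name: Apply the selinux role again after the reboot
          ansible.builtin.include_role:
            name: linux-system-roles.selinux
```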