kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add SELinux support to the base role

Browse Source
This commit is contained in:
Kris Lamoureux
2026-01-13 01:07:29 -05:00
parent ac33f8bf7d
commit 39e8f78adf
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dev/host_vars/podman.yml
View File

@@ -1,6 +1,8 @@
############## ##############
#### base #### #### base ####
############## ##############
selinux:
state: enforcing
base_allow_reboot: false base_allow_reboot: false
base_manage_network: false base_manage_network: false

12
roles/base/tasks/system.yml
View File

@@ -4,6 +4,18 @@
state: present state: present
update_cache: true update_cache: true
- name: Get the default policy and basic SELinux utilities
ansible.builtin.apt:
name: ["selinux-basics", "selinux-policy-default", "auditd"]
state: present
when: selinux is defined and selinux is not false
- name: Configure SELinux
ansible.posix.selinux:
state: "{{ selinux.state | default('permissive') }}"
policy: "{{ selinux.policy | default('default') }}"
when: selinux is defined and selinux is not false
- name: Install GPG - name: Install GPG
ansible.builtin.apt: ansible.builtin.apt:
name: gpg name: gpg