20 lines
731 B
YAML
20 lines
731 B
YAML
---
|
|
- name: Fix SELinux
|
|
when: is_rhel | bool
|
|
block:
|
|
- name: Fix SELinux by pre-labeling the filesystem before first boot
|
|
when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux | bool)
|
|
ansible.builtin.command: >
|
|
arch-chroot /mnt /sbin/setfiles -v -F
|
|
-e /dev -e /proc -e /sys -e /run
|
|
/etc/selinux/targeted/contexts/files/file_contexts /
|
|
register: configuration_setfiles_result
|
|
changed_when: configuration_setfiles_result.rc == 0
|
|
|
|
- name: Disable SELinux
|
|
when: os | lower == "fedora" or not (selinux | bool)
|
|
ansible.builtin.lineinfile:
|
|
path: /mnt/etc/selinux/config
|
|
regexp: ^SELINUX=
|
|
line: SELINUX=permissive
|