a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add note about sefcontext doing no restorecon (#39076) 

* Add note about sefcontext doing no restorecon

To someone like me who is relatively new to SELinux, setting the
"reload" option to yes might suggest that a restorecon is automatically
executed after the semanage call, making the new file context effective
immediately. I have found out that this is not the case and would like
to clarify this to others.

+label: docsite_pr

* Replace note by one suggested by reviewer

Reviewer dagwieers suggested a better notice text during review of my
original one, giving recommendations about what to do to actually get
the newly chosen SELinux context applied to the file.
pull/4420/head
Zeust the Unoobian 2018-04-25 18:05:03 +02:00 committed by Dag Wieers
parent fdcf8c7f74
commit db88cb8d8f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/ansible/modules/system/sefcontext.py
View File

@ -53,6 +53,10 @@ options:
default: 'yes'
notes:
- The changes are persistent across reboots
- The M(sefcontext) module does not modify existing files to the new
SELinux context(s), so it is advisable to first create the SELinux
file contexts before creating files, or run C(restorecon) manually
for the existing files that require the new SELinux file contexts.
requirements:
- libselinux-python
- policycoreutils-python