selinux: state=disabled

Strahinja_Kustudic2 · September 18, 2014, 12:57pm

Currently if SELinux is enabled on the system and if you run a task:

`

selinux: state=disabled
`

it will set SELinux as disabled in the conf file, but SELinux itself will still be enabled (in enforcing by default) until the system is rebooted, which basically means SELinux is not disabled after this task runs. Also re-running this task again before the server is rebooted, it will report as changed, even though we set SELinux as disabled before.

I can understand the changed problem before rebooting, but I can’t understand leaving enforcing after this. I think it would be better to change the module to set the config to disabled and run setenforce 0 to set the permissive mode as well. Currently state=disabled is useless without a restart.

I wanted to ask here what do you think before making an issue on GitHub.

James_Cammarata · September 18, 2014, 1:06pm

Hi Strahinja,

I think that makes sense, so feel free to open that issue.

Thanks!

Strahinja_Kustudic2 · September 19, 2014, 11:55am

I made a pull request https://github.com/ansible/ansible/pull/9072

Topic		Replies	Views
Set SELinux to permissive mode and reboot. Ansible Project ansible-project	0	0	September 4, 2019
Set SELinux to permissive mode and reboot. Ansible Project	0	0	September 5, 2019
Why do these SELinux tasks report "changed" every time? Ansible Project	2	0	July 11, 2015
ansible disable warnings per task/module (selinux) Ansible Project	0	2	July 30, 2018
ERROR! 'state' is not a valid attribute for a Task (selinux module) Ansible Developer	1	0	December 23, 2016

selinux: state=disabled

Related topics