4e8bf6705f
- Removing extra space _ Fixing some typos Change-Id: Ib4f86c7a29074ce0150a3cd55478ed94f2d62c43
30 lines
915 B
ReStructuredText
30 lines
915 B
ReStructuredText
---
|
|
id: RHEL-07-020210
|
|
status: implemented
|
|
tag: lsm
|
|
---
|
|
|
|
The tasks in the security role enable the appropriate Linux Security Module
|
|
(LSM) for the operating system.
|
|
|
|
For Ubuntu systems, AppArmor is installed and enabled. This change takes
|
|
effect immediately.
|
|
|
|
For CentOS or Red Hat Enterprise Linux systems, SELinux is enabled (in
|
|
enforcing mode) and its user tools are automatically installed. If SELinux is
|
|
not in enforcing mode already, a reboot is required to enable SELinux and
|
|
relabel the filesystem.
|
|
|
|
.. warning::
|
|
|
|
Relabeling a filesystem takes time and the server must be offline for the
|
|
relabeling to complete. Filesystems with large amounts of files and
|
|
filesystems on slow disks will cause the relabeling process to take more
|
|
time.
|
|
|
|
Deployers can opt out of this change by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_rhel7_enable_linux_security_module: no
|