caa7cc54ee
The disable-selinux role has been renamed to selinux and now supports setting desired state. Previously Kayobe was defaulting to disabling and rebooted the host - to avoid audit logs filling up. This change allows operators to define desired SELinux state and defaults to permissive - to adhere to those site policies that require SELinux to be at least in permissive state. Change-Id: I42933b0b7d55c69c9f6992e331fafb2e6c42d4d1
14 lines
298 B
YAML
14 lines
298 B
YAML
---
|
|
# Target SELinux policy
|
|
selinux_policy: targeted
|
|
|
|
# Target SELinux state
|
|
selinux_state: permissive
|
|
|
|
# Whether to reboot to apply SELinux config changes.
|
|
selinux_do_reboot: false
|
|
|
|
# Number of seconds to wait for hosts to become accessible via SSH after being
|
|
# rebooted.
|
|
selinux_reboot_timeout:
|