caa7cc54ee
The disable-selinux role has been renamed to selinux and now supports setting desired state. Previously Kayobe was defaulting to disabling and rebooted the host - to avoid audit logs filling up. This change allows operators to define desired SELinux state and defaults to permissive - to adhere to those site policies that require SELinux to be at least in permissive state. Change-Id: I42933b0b7d55c69c9f6992e331fafb2e6c42d4d1
19 lines
746 B
YAML
19 lines
746 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds functionality to configure desired SELinux state (in addition to
|
|
disabling SELinux previously).
|
|
upgrade:
|
|
- |
|
|
The ``disable-selinux`` role has been renamed to ``selinux`` and so have
|
|
been the related variables. If you set one of them, adapt your
|
|
configuration:
|
|
|
|
* ``disable_selinux_do_reboot`` becomes ``selinux_do_reboot``
|
|
* ``disable_selinux_reboot_timeout`` becomes ``selinux_reboot_timeout``
|
|
- |
|
|
Kayobe now sets SELinux to ``permissive`` by default (compared to
|
|
``disabled`` previously). This may require a reboot, which will only be
|
|
triggered if ``selinux_do_reboot`` is set to ``true``. If you want to
|
|
retain previous behaviour, set ``selinux_state`` to ``disabled``.
|