Hello Rodrigo,

I'm quite new to AppArmor but I'm really excited to learn all that I can! I've read your article on SELinux and AppArmor. I see that you mention complain and enforce modes but not permissive mode! Does this mean that there isn't a permissive mode? Also, you mentioned AppArmor uses profiles defined in text files instead of policy managed by commands. My question is:

For SLSE 15-SP1 how would I set the mode using an Ansible task if this is possible?

This is what I have so far:

---

• name: install selinux dependencies when selinux is installed on Debian apt: name: ['policycoreutils', 'checkpolicy', 'selinux-basics', 'python-selinux' ] state: present when: ansible_distribution|lower == 'debian'
• name: Set SELinux to permissive mode | RHEL selinux: policy: targeted state: permissive register: task_result when: ansible_distribution|lower == 'redhat'
• name: Set SELinux to permissive mode | Debian selinux: policy: default state: permissive register: task_result when:
  • ansible_selinux_python_present|bool
  • ansible_distribution|lower == 'debian'
• name: Reboot the server and wait for it to come back up. reboot: when: task_result is changed ...

As you can see, i don't have a task for AppArmor! If you can help me I would greatly appreciate it!