Hello Rodrigo,
I'm quite new to AppArmor but I'm really excited to learn all that I can! I've read your article on SELinux and AppArmor. I see that you mention complain and enforce modes but not permissive mode! Does this mean that there isn't a permissive mode? Also, you mentioned AppArmor uses profiles defined in text files instead of policy managed by commands. My question is:
For SLSE 15-SP1 how would I set the mode using an Ansible task if this is possible?
This is what I have so far:
- name: install selinux dependencies when selinux is installed on Debian
apt:
name: ['policycoreutils', 'checkpolicy', 'selinux-basics', 'python-selinux' ]
state: present
when: ansible_distribution|lower == 'debian'
- name: Set SELinux to permissive mode | RHEL
selinux:
policy: targeted
state: permissive
register: task_result
when: ansible_distribution|lower == 'redhat'
- name: Set SELinux to permissive mode | Debian
selinux:
policy: default
state: permissive
register: task_result
when:
- ansible_selinux_python_present|bool
- ansible_distribution|lower == 'debian'
- name: Reboot the server and wait for it to come back up.
reboot:
when: task_result is changed
...
As you can see, i don't have a task for AppArmor! If you can help me I would greatly appreciate it!