Easier SELinux Administration

Posted on

We have 300+ RHEL servers and are looking at what it would take to enable and manage SELinux across them all. So far it looks very manual. I feel like Ansible is possibly the key. I found five SELinux modules that would help, but the process still seems very manual.
- seboolean – Toggles SELinux booleans
- sefcontext – Manages SELinux file context mapping definitions
- selinux – Change policy and state of SELinux
- selinux_permissive – Change permissive domain in SELinux policy
- selogin – Manages linux user to SELinux user mapping

Has anyone successfully implemented SELinux and managed it using Ansible? What was your experience? What suggestions would you have for a shop that is just getting started down this path?