Allows some types to misbehave without stopping them. Not as good as specific policies, but better than disabling SELinux entirely.
This does not set the SELinux state to permissive! Use
selinux_statefor that.
| Action | Description |
|---|---|
:add |
(Default) Adds a permissive, unless already set. |
:delete |
Removes a permissive, if set. |
| Name | Type | Default | Description |
|---|---|---|---|
context |
String | Resource name | Name of the context to disable SELinux for. |
# Disable enforcement on Apache
selinux_permissive 'httpd_t' do
notifies :restart, 'service[httpd]'
end