--- - name: Set current selinux policy set_fact: selinux_current: "{{ ansible_selinux.config_mode }}" - block: - name: Install dependencies package: name: "{{ item }}" state: present loop: "{{ selinux_packages }}" - name: Set selinux policy selinux: policy: "{{ selinux_policy }}" state: "{{ selinux_state }}" register: __sestatus - name: Add .autorelabel file (requires a reboot) file: path: /.autorelabel mode: 0600 state: touch when: - selinux_state == "enforcing" - selinux_current == "disabled" - __sestatus.changed become: True become_user: root