How do I check the status of selinux or apparmor?

I’m working with Ansible and SLES 15 SP1. I need to set selinux to permissive mode. I have my playbook:

[CODE]—

• name: Set SELinux to permissive mode.
  selinux:
  policy: targeted
  state: permissive
  when: ansible_selinux_python_present|bool
• name: Reboot
  selinux:
  when: reboot_required|default(false)|bool
  …[/CODE]

When I check selinux status, I get an error:

sestatus

-bash: sestatus: command not found

systemctl status selinux

Unit selinux.service could not be found.

Can anyone help me with this please?

Hi and welcome to the forum!

You probably need to install the respective packages first and then enable selinux. Read the docs for a detailed description.
Depending on your installation procedure apparmor is probably also not installed yet, so you’ll have to do that, too.

Regards,
Eugen

For AppArmor:

[CODE] # systemctl status apparmor
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2019-09-12 15:41:56 EEST; 4 days ago
Main PID: 851 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/apparmor.service

Sep 12 15:41:52 server systemd[1]: Starting Load AppArmor profiles…
Sep 12 15:41:52 server apparmor.systemd[851]: Restarting AppArmor
Sep 12 15:41:52 server apparmor.systemd[851]: Reloading AppArmor profiles
Sep 12 15:41:56 server systemd[1]: Started Load AppArmor profiles.[/CODE]

As SELINUX is not installed by default → you need sestatus or getenforce to check SELINUX status after it is deployed.