SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API).
This can be solved two ways:
- Disabling SELinux: BAD, but easy
- Writing a custom SELinux policy: complicated but more secure
Note: Adding or changing this policy through a VMware tools connection is thankfully possible.
Example policy
This policy is the base for a VMware tools policy and allows entering the rpm context (yum).
module custom-vmtools 1.0;

require {
    type rpm_script_t;
    type vmtools_unconfined_t;
    class process transition;
}

#============= vmtools_unconfined_t ==============
allow vmtools_unconfined_t rpm_script_t:process transition;
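
Since the policy above is only a base, one way to extend it is to turn further AVC denials for vmtools_unconfined_t into candidate allow rules and then rebuild the module. The script below is an added example, not part of the original page: the audit lines are constructed samples, and the function names and the custom-vmtools.te file name are assumptions.

```shell
#!/bin/sh
# Constructed sample denials in auditd's AVC format (not taken from a real host).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { transition } for  pid=2101 comm="sh" path="/usr/bin/yum" dev="dm-0" ino=1234 scontext=system_u:system_r:vmtools_unconfined_t:s0 tcontext=system_u:system_r:rpm_script_t:s0 tclass=process permissive=0
type=AVC msg=audit(1700000001.202:502): avc:  denied  { read } for  pid=2102 comm="yum" name="Packages" dev="dm-0" ino=5678 scontext=system_u:system_r:vmtools_unconfined_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.203:503): avc:  denied  { open } for  pid=2102 comm="yum" path="/var/lib/rpm/Packages" dev="dm-0" ino=5678 scontext=system_u:system_r:vmtools_unconfined_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.304:504): avc:  denied  { getattr } for  pid=1 comm="systemd" path="/var/lib/rpm" dev="dm-0" ino=4321 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir permissive=0
EOF
}

# Read audit lines on stdin and print one candidate allow rule per
# (target type, class) for the given source domain (default: vmtools_unconfined_t).
avc_to_rules() {
    awk -v src="${1:-vmtools_unconfined_t}" '
    /avc:/ && /denied/ {
        s = t = c = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        if (s != src || t == "" || c == "") next
        # The denied permissions are the words between "{" and "}".
        inside = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "}") inside = 0
            if (inside && !seen[t, c, $i]++) perms[t ":" c] = perms[t ":" c] " " $i
            if ($i == "{") inside = 1
        }
    }
    END {
        for (k in perms) {
            n = split(perms[k], p, " ")
            if (n == 1) printf "allow %s %s %s;\n", src, k, p[1]
            else        printf "allow %s %s {%s };\n", src, k, perms[k]
        }
    }' | sort
}

# Compile, package and load the module as root on the guest.
# Assumes the policy is saved as custom-vmtools.te (file name is an assumption).
build_and_load() {
    checkmodule -M -m -o custom-vmtools.mod custom-vmtools.te &&
    semodule_package -o custom-vmtools.pp -m custom-vmtools.mod &&
    semodule -i custom-vmtools.pp
}

sample_avc | avc_to_rules   # demo on the constructed sample
```

Review each generated rule before adding it to the module, and declare every type, class and permission it uses in the require block, otherwise checkmodule rejects the module.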