seport – Manages SELinux network port type definitions

New in version 2.0.

Synopsis

  • Manages SELinux network port type definitions.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python
  • policycoreutils-python

Parameters

Parameter Choices/Defaults Comments
ignore_selinux_state
boolean
added in 2.8
    Choices:
  • no ←
  • yes
Run independent of selinux runtime state
ports
list / required
Ports or port ranges.
Can be a list (since 2.6) or comma separated string.
proto
string / required
    Choices:
  • tcp
  • udp
Protocol for the specified port.
reload
boolean
    Choices:
  • no
  • yes ←
Reload SELinux policy after commit.
setype
string / required
SELinux type for the specified port.
state
string
    Choices:
  • absent
  • present ←
Desired boolean value.

Notes

Note

  • The changes are persistent across reboots.
  • Not tested on any debian based system.

Examples

- name: Allow Apache to listen on tcp port 8888
  seport:
    ports: 8888
    proto: tcp
    setype: http_port_t
    state: present

- name: Allow sshd to listen on tcp port 8991
  seport:
    ports: 8991
    proto: tcp
    setype: ssh_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  seport:
    ports: 10000-10100,10112
    proto: tcp
    setype: memcache_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  seport:
    ports:
      - 10000-10100
      - 10112
    proto: tcp
    setype: memcache_port_t
    state: present

Status

Authors

  • Dan Keder (@dankeder)

Hint

If you notice any issues in this documentation you can edit this document to improve it.